[isalist] ICS/Bridging over VPN problems [retry]

  • From: "Jonathon J. Howey" <Jonathon@xxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 8 Dec 2006 18:49:19 -0700

Hope I can explain my situation well enough, although I apologize as the
solution may not even involve ISA 2004 (but I would appreciate anyone's
networking advice).
 
I have on my client:
1 NIC hanging off to WAN -- "WAN"
1 NIC connected to H.323 IP Phone -- "Phone"
VPN Connection to server H.323 will talk to; receives a 192.168.100.0/24
IP -- "VPN"
IPRouting is enabled on the XP SP2 desktop through registry change +
reboot
 
------
 
Now in terms of ICS (remember that ICS has internal DHCP server which
hands out 192.168.0.0/24 by default):
1) When I set up "WAN" to share to "Phone", ISA logs the IP that the
H.323 Phone received, so 192.168.0.X.
2) On the other hand, if "VPN" is set up to share to "Phone", ISA logs
the VPN address as the client accessing the network, so 192.168.100.X
 
 
My problem is that in ICS Scenario #1, ISA denies the connection as
192.168.0.X is of course not part of the Internal or VPN Clients
network.
 
In ICS Scenario #2, it works fine, but due to the routing problems, it
can never find its way back to the H.323 phone as it knows the
destination is only 192.168.100.X and when I trace with
Ethereal/Wireshark, the packets do not contain any references to the
original client (and so once it hits the PPP interface on the client it
doesn't know what to do with it).
 
I think that if I were to bridge "WAN" and "Phone" together, I would be
dealing with a combination of the problems of #1 and #2 would I not? (or
does a bridge do something special with managing concurrent streams?)  I
know that if I bridge them together, "Phone" will get an IP from the
same DHCP server as "WAN" did, but I run into routing issues.
 
------
 
Has anyone ever had to deal with this situation?  What would be the ideal
solution to Scenario #1 [this of course is why I posted here and not
some networking newsgroup]?  Any other ideas / am I misunderstanding the
technical problem? 
 
 
(In case you are wondering why I'm dealing with this problem, it is
because due to upper management constraints on server locations while we
move offices, all of our servers are in one location while we have users
who need to use the phone server remotely and I know it's possible).
 
 
 
Jonathon J. Howey
MENSE Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxxx
 
Defining the Future of Industry
www.MENSE.ca <http://www.mense.ca/> 
 
 
 
