ISA 2004, VPN, Network behind a network

From: "Paul Crisp" <pcrisp@xxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Date: Thu, 24 Feb 2005 00:23:33 -0000

OK,
I have been racking my brain about this all night.
First of all i have successfully installed ISA 2004 and setup VPN access, both
client and site-2-site. The problem i am experiencing is this.

As a remote access user myself, i want to be able to VPN into our ISA 2004
server (Not a problem in itself, works fine), but i also want to gain access
to two other subnets behind our ISA 2004.

I have read all of the articles regarding networks behind networks and i have
added the relevant ranges both to the Internal network and i have also created
the neccessary subnets and i have added manual persistant routes as well. From
the ISA server itself i can ping all subnets without a problem, but as a VPN
user i can only ever ping the subnet the ISA itself sits on.

1 - What do i need to do to get this to work, i have been working on home on
this for the last 6hrs !! ?

Next question is, i keep getting this error

ISA Server detected routes through adapter "Intel(R) PRO/100+ Server Adapter
(PILA8470B) (Microsoft's Packet Scheduler) " that do not correlate with the
network element to which this adapter belongs. The address ranges in conflict
are: 192.?.?.255-192.?.?.255;192.?.?.0-192.?.?.255;. Fix the network element
and/or the routing table to make these ranges consistent; they should be in
both or in neither. If you recently created a remote site network, check if the
event recurs. If it does not, you may safely ignore this message.

2 - Again i have tried everything to add the correct address range to the
network, but this error persists. I did read an article on the ISAServer.org
forum and Tom said this can be ignored if all is working, is that correct Tom ?

Third and final question is a slightly strange one.

RRAS. I have also upgraded another ISA 2000 server to 2004 and although the
RRAS does not contain any interfaces apart from the standard physical and
loopback interfaces, the ISA server keeps getting this error

Description: The VPN connection attempt by user <computername>\WORCESTER_BILL
could not be established. The failure is due to error: 0xc0040021

3 - Although i haven't had this specific error with ISA 2000 before, i have
experienced interfaces disapearing and then suddenly appearing in RRAS and
Windows 2000, can anyone shed any light ?

All help is extremely appreciated and if you require anymore information i will
be pleased to pass on

Regards

Paul Crisp
Snr Network Support Analyst
Metal Bulletin PLC

-------------------------------------------------------------------------------------------

This e-mail, together with any attachments, is confidential between the sender
and addressee(s). If you are not the intended recipient(s)of this e-mail you
should not copy it or use it for any purpose nor disclose its contents to any
person: to do so may be unlawful. If you have received this e-mail by mistake
please notify the sender immediately by e-mail and delete this e-mail and any
attachments from your system. To the maximum extent permitted by law, Metal
Bulletin PLC accepts no liability for any loss or damage resulting from
unauthorised use of this email or any attachment or from unauthorised use of
any information contained or implied in the email or attachments.

Metal Bulletin PLC gives no warranty as to the security, accuracy or
completeness of this e-mail, or any attachments, after it has been sentnor does
it accept responsibility for any errors or omissions in the contents of this
message which arise as a result of the e-mail transmission. The views and
opinions of the sender are not necessarily those of Metal Bulletin Plc

Metal Bulletin PLC takes care to check all outgoing emails but any liability
for any loss or damage resulting from any viruses that might accompany this
email or any attachments is excluded to the fullest extent permitted by law. If
you have reason to believe that this email or any attachment is contaminated
with any form of virus please delete it from your system and advise us by
return.

Metal Bulletin PLC reserves the right to monitor incoming and outgoing emails
to investigate or detect any unauthorised use of our system or any other email
system. As a result, we may monitor who is sending and/or receiving email, the
subject of emails and the content of emails and we may collect related personal
information about you within our email system. We will use this information for
the purposes set out above and may also disclose it to relevant regulatory
authorities.

Metal Bulletin PLC is a company registered in England and Wales under
registered number 142215 and whose registered office is at 3 Park Terrace,
Worcester Park, Surrey, KT4 7HY, England.

ISA 2004, VPN, Network behind a network

Other related posts: