Hi Tiago,

That's why I stay out of the IPSec tunnel mode game. :)

How do you specify on the Dlink the remote site network? Can't you just enter the two network IDs?

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls

________________________________

From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx]
Sent: Tuesday, March 14, 2006 2:45 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: [LONG POST] Second Internal network behind leased line on ISA2004

http://www.ISAserver.org

Hey Tom,

Sure, what did ya expect from a home device? ;)

But my logic is correct, isn't it? There's no way to circumvent this unless I create a network between the frame relay router and the ISA Server with a different subnet, or swap the VPN device (dunno even if any IPSec VPN device would work under these circumstances).

Tiago de Aviz
SoftSell - Curitiba
(41) 3340-2363
www.softsell.com.br

This message, including its attachments, is confidential and its content is restricted to the recipient of the message. If you have received this message in error, please return it to the recipient and delete it from your files. Any unauthorized use, replication or dissemination of this message or any part of it is expressly prohibited. SoftSell is not responsible for the content or the veracity of this information.

>>> tshinder@xxxxxxxxxxx 14/3/2006 17:40:36 >>>

Hi Tiago,

Is this a limitation of Dlink? It's a no-brainer using L2TP/IPSec site to site VPN to denote multiple address ranges for the remote network.

Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls

________________________________

From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx]
Sent: Tuesday, March 14, 2006 2:17 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: [LONG POST] Second Internal network behind leased line on ISA2004

I must specify in the D-link which are my remote and local networks.

There (where I have the VPN Router):

Remote network:        Local Network:
192.168.1.0            192.168.3.0
mask 255.255.255.0     mask 255.255.255.0

Here (where I have ISA):

Local network:         Remote Network:
192.168.1.0            192.168.3.0
mask 255.255.255.0     mask 255.255.255.0

When the tunnel is establishing, if I include 192.168.4.0 into the Internal Network object, the dlink router will receive that subnet as well as being Internal, since it is on ISA's Internal object, and the tunnel gets dropped. I can't specify on the dlink device that I have two remote networks on the other side of the tunnel.

If I remove the 192.168.4.0 network from the Internal Object, the tunnel goes up immediately.

Tiago de Aviz
SoftSell - Curitiba
(41) 3340-2363
www.softsell.com.br

>>> tshinder@xxxxxxxxxxx 14/3/2006 17:16 >>>

Hi Tiago,

Why? It's in front of the ISA firewall.

Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
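
Added example (not part of the original thread, and not D-Link or ISA Server code): a simplified model of the tunnel-mode behaviour described in the 2:17 PM message, where the initiator proposes every local/remote network pair and the responder accepts the tunnel only if each pair matches its own configuration. The strict all-or-nothing matching, the function names and the 255.255.255.0 mask on 192.168.4.0 are assumptions made for illustration.

```python
import ipaddress

MASK = "255.255.255.0"  # mask quoted in the thread; assumed for 192.168.4.0 as well


def net(addr, mask=MASK):
    """Build a network object from the address/mask notation used in the thread."""
    return ipaddress.ip_network(f"{addr}/{mask}")


ISA_SITE = net("192.168.1.0")         # local network at the ISA end
ROUTER_SITE = net("192.168.3.0")      # local network at the VPN router end
SECOND_INTERNAL = net("192.168.4.0")  # second Internal network behind the leased line


def negotiate(init_local, init_remote, resp_local, resp_remote):
    """Return (tunnel_up, rejected_pairs) for a tunnel-mode proposal.

    Assumed model: the initiator proposes one (local, remote) pair per
    combination of its networks; the responder mirrors its own configuration
    and refuses the whole tunnel if any proposed pair is unknown to it.
    """
    proposed = {(l, r) for l in init_local for r in init_remote}
    # The responder's "remote" is the initiator's "local", and vice versa.
    accepted = {(r, l) for l in resp_local for r in resp_remote}
    rejected = sorted(proposed - accepted)
    return (not rejected, rejected)


def scenarios():
    """The three cases discussed in the thread, keyed by description."""
    return {
        "Internal = 192.168.1.0 only":
            negotiate([ISA_SITE], [ROUTER_SITE], [ROUTER_SITE], [ISA_SITE]),
        "Internal also holds 192.168.4.0, router knows one remote network":
            negotiate([ISA_SITE, SECOND_INTERNAL], [ROUTER_SITE],
                      [ROUTER_SITE], [ISA_SITE]),
        "Peer that can list two remote networks":
            negotiate([ISA_SITE, SECOND_INTERNAL], [ROUTER_SITE],
                      [ROUTER_SITE], [ISA_SITE, SECOND_INTERNAL]),
    }


if __name__ == "__main__":
    for name, (up, rejected) in scenarios().items():
        pairs = ", ".join(f"{l} <-> {r}" for l, r in rejected) or "none"
        print(f"{name}: tunnel {'up' if up else 'dropped'}; unmatched pairs: {pairs}")
```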