RE: [LONG POST] Second Internal network behind leased line on ISA2004

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 14 Mar 2006 14:59:38 -0600

Hi Tiago,
 
That's why I stay out of the IPSec tunnel mode game. :)
 
How do you specify on the Dlink the remote site network? Can't you just enter 
the two network IDs?
 
Tom
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls

 


________________________________

        From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] 
        Sent: Tuesday, March 14, 2006 2:45 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: [LONG POST] Second Internal network behind 
leased line on ISA2004
        
        
        http://www.ISAserver.org
        
        Hey Tom,
         
        Sure, what did ya expect from a home device? ;)
         
        But my logic is correct, isn't it? There's no way to circumvent this
        unless I create a network between the frame relay router and the ISA
        Server with a different subnet, or swap the VPN device (dunno even if
        any IPSec VPN device would work under these circumstances).
         
         
         
        Tiago de Aviz
        SoftSell - Curitiba
        (41) 3340-2363
        www.softsell.com.br 
         
        This message, including its attachments, is confidential and its
        content is restricted to the recipient of the message. If you have
        received this message in error, please return it to the recipient and
        delete it from your files. Any unauthorized use, replication or
        dissemination of this message or any part of it is expressly
        prohibited. SoftSell is not responsible for the content or the
        accuracy of this information.
        
        
        >>> tshinder@xxxxxxxxxxx 14/3/2006 17:40:36 >>>
        
        
        Hi Tiago,
         
        Is this a limitation of Dlink? It's a no-brainer using L2TP/IPSec
        site to site VPN to denote multiple address ranges for the remote
        network.
         
        Thomas W Shinder, M.D.
        Site: www.isaserver.org <http://www.isaserver.org/> 
        Blog: http://blogs.isaserver.org/shinder/
        Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
        MVP -- ISA Firewalls

         


________________________________

                From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] 
                Sent: Tuesday, March 14, 2006 2:17 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: [LONG POST] Second Internal network 
behind leased line on ISA2004
                
                
                
                I must specify in the D-link which are my remote and local
                networks.

                There (where I have the VPN Router):
                Remote network:         Local network:
                192.168.1.0             192.168.3.0
                mask 255.255.255.0      mask 255.255.255.0

                Here (where I have ISA):
                Local network:          Remote network:
                192.168.1.0             192.168.3.0
                mask 255.255.255.0      mask 255.255.255.0

                When the tunnel is establishing, if I include 192.168.4.0 into
                the Internal Network object, the dlink router will receive
                that subnet as well as being Internal, since it is on ISA's
                Internal object, and the tunnel gets dropped.

                I can't specify on the dlink device that I have two remote
                networks on the other side of the tunnel. If I remove the
                192.168.4.0 network from the Internal Object, the tunnel goes
                up immediately.
                 
                 
                 
                Tiago de Aviz
                SoftSell - Curitiba
                (41) 3340-2363
                www.softsell.com.br 
                 
                

                >>> tshinder@xxxxxxxxxxx 14/3/2006 17:16 >>>
                
                
                Hi Tiago,
                 
                Why? It's in front of the ISA firewall.
                 
                Thomas W Shinder, M.D.
                Site: www.isaserver.org <http://www.isaserver.org/> 
                Blog: http://blogs.isaserver.org/shinder/
                Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
                MVP -- ISA Firewalls
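
The selector mismatch described in the thread, modelled as an added example (not part of the original messages and not ISA or D-Link code). It assumes the responder only accepts Phase 2 selector pairs that exactly mirror its own configured local/remote networks, and that 192.168.4.0 uses the same 255.255.255.0 mask; the names `selector_pairs`, `unmatched_proposals`, `DLINK` and `ISA_*` are hypothetical.

```python
from ipaddress import ip_network
from itertools import product

MASK = "255.255.255.0"  # mask quoted in the thread; assumed for 192.168.4.0 too

def selector_pairs(local_nets, remote_nets):
    """All (local, remote) subnet pairs a gateway would request an SA for."""
    return {(ip_network(f"{l}/{MASK}"), ip_network(f"{r}/{MASK}"))
            for l, r in product(local_nets, remote_nets)}

def unmatched_proposals(initiator, responder):
    """Pairs the initiator offers that the responder has no mirrored entry for.

    Assumption: the responder checks selectors by exact match (no narrowing),
    so one unknown pair is enough for it to refuse the proposal.
    """
    offered = selector_pairs(initiator["local"], initiator["remote"])
    # The responder's (local, remote) is the initiator's (remote, local).
    mirrored = {(r, l) for l, r in
                selector_pairs(responder["local"], responder["remote"])}
    return [(str(l), str(r)) for l, r in sorted(offered - mirrored)]

# Constructed from the addresses in the thread.
DLINK = {"local": ["192.168.3.0"], "remote": ["192.168.1.0"]}
ISA_ONE_NET = {"local": ["192.168.1.0"], "remote": ["192.168.3.0"]}
ISA_TWO_NETS = {"local": ["192.168.1.0", "192.168.4.0"],
                "remote": ["192.168.3.0"]}

if __name__ == "__main__":
    for name, isa in (("one net", ISA_ONE_NET), ("two nets", ISA_TWO_NETS)):
        print(name, unmatched_proposals(isa, DLINK) or "all pairs mirrored")
```

Running the same check before changing either gateway's network definitions shows which pair the peer has no entry for.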

