[isalist] Re: VPN Client to access additional network

  • From: Danny <nocmonkey@xxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Fri, 30 Nov 2007 09:29:40 -0500

Yes, on the first point. None that I recall. So, it is advised to create a
new Network definition for the 172.16.0.0/16 subnet and create a policy that
permits the VPN Client access to the network? Will this take care of all the
routing then?

Thanks.

On Nov 30, 2007 9:17 AM, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:

>  OK, client is a member of the VPN Clients Network.
>
> Destination -- what ISA Firewall Network does that belong to?
>
> Tom
>
> *
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- Microsoft Firewalls (ISA)
> *
>
>  ------------------------------
>  *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> *On Behalf Of *Danny
> *Sent:* Friday, November 30, 2007 7:38 AM
> *To:* isalist@xxxxxxxxxxxxx
> *Subject:* [isalist] Re: VPN Client to access additional network
>
>   The VPN Client is coming in through the Internet/External NIC. The
> destination subnet is an extension of the Internal network.
>
> I am not sure that answered your question, though! Please advise.
>
> Thanks, Dr. Shinder.
>
> On Nov 29, 2007 10:43 PM, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:
>
> >  What ISA Firewall Network is the client on?
> >
> >
> >
> > *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:
> > isalist-bounce@xxxxxxxxxxxxx] *On Behalf Of *Danny
> > *Sent:* Thursday, November 29, 2007 9:29 PM
> > *To:* isalist@xxxxxxxxxxxxx
> > *Subject:* [isalist] VPN Client to access additional network
> >
> >
> >
> > Challenge: ISA 2004 VPN client is unable to connect to additional (
> > 172.16.0.0/16) network via LAN (192.168.0.2/24) default gateway supplied
> > by LAN DHCP server.
> >
> > ISA Internal NIC: 192.168.0.250
> > ISA External NIC: 123.123.123.123 (i.e., Public IP)
> >
> > Default Gateway IP on LAN: 192.168.0.2
> > Router IP connected to 172.16.0.0 Network: 192.168.0.3 (static route on
> > DGW for 172.16.0.0 network points to this router)
> >
> > DHCP supplied VPN client:
> > IP: 192.168.0.150
> > Default Gateway: <same as above>
> >
> > VPN client pings 172.16.0.10 IP, result is request timed out. Traceroute
> > times out with unlabeled (*) network hops.
> >
> > VPN firewall policy permits All Outbound from VPN Clients to All
> > Protected Networks. I am thinking I should create a new Network definition
> > and update the policy and/or ensure the new network is included in the All
> > Protected Networks definition.
> >
> > I am reviewing <http://www.isaserver.org/articles/2004netinnet.html> and
> > <http://blogs.technet.com/sbs/archive/2007/11/29/network-behind-a-network.aspx>,
> > trying to figure out what options or what would be the best practice on how
> > to configure ISA and/or the network to accommodate this requirement?
> >
> > Thank you for your assistance.
> >
> >
> >
> >
> >
>
>
> --
> CPDE - Certified Petroleum Distribution Engineer
> CCBC - Certified Canadian Beer Consumer
>
>


-- 
CPDE - Certified Petroleum Distribution Engineer
CCBC - Certified Canadian Beer Consumer
