Re: VPN issues...

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 5 Aug 2001 11:52:11 -0700

The default gateway is the local IP because you are the whole subnet with a
32-bit mask.  Remember, the default gateway is where you send any traffic
not on the local subnet.  Since you are the local subnet, all traffic is
sent to you and then routed out the VPN connection.  It's all "under the
covers".  I'll bet that if you try to connect to \\RRAS-server-IP\c$ with
appropriate permissions, you'll see what you want.
As far as using the remote ISA to access the Internet, that's a relatively
easy one regardless of the type of windows client:
    In IE connection properties, highlight the VPN connectoid in "Dial-ip
and Virtual Private Network settings" and click "settings"
    Leave "Auto discovery" disabled
    Enter the internal IP address of the remote ISA and the port used for
the outgoing web listener (8080 by default)
    Select "bypass proxy for local addresses"
You can also use the FW client, but auto-discovery will get snaky if you
don't support it through the distant DNS / DHCP settings.
"Standard Windows client"; that's good  8-)...
W9x, WMe, NT4 clients don't resolve names the same way that W2K and WXP
clients do and W9x, WMe clients also don't use the same VPN mechanisms as do
the NT4, W2K, WXP clients do, so they can't be grouped like that.

Jim Harrison
MCP(2K), A+, Network+, PCG

----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, August 05, 2001 11:38 AM
Subject: [isalist] Re: VPN issues...


http://www.ISAserver.org


Got allow ip routing checked.

So why does the default gateway show up as the dhcp address the client
picked up. I can't get to any internet sites when connected.

BTW am usign the standard windows client.



-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Sunday, August 05, 2001 2:19 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: VPN issues...


http://www.ISAserver.org


You don't say what client you're using, so here goes my best guesses:
1. You have to allow IP routing in RRAS IP properties to use resources
other
than those provided by the RRAS server itself.
2. W9x , WME, XP Home clients can't connect "as", so the default user
may
not have rights, regardless of the VPN credentials.
3. If you're trying to connect or map via names and don't have WINS (for
W9x, ME) or DNS (W2K, XP pro) for name resolution, it'll fail.
4. The 32-bit mask and default gateway is correct for VPN clients; the
routing is handled by RRAS.  This is also the reason you can't resolve
machine names via NetBIOS broadcast; your subnet is limited to the local
machine, so you can only broadcast to yourself.

Jim Harrison
MCP(2K), A+, Network+, PCG

----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, August 05, 2001 11:09 AM
Subject: [isalist] VPN issues...


http://www.ISAserver.org


I have my vpn setup with a single internal subnet (same as the internal
nic on isa).

I am having problems mapping to file shares and getting back out to the
internet.

I do not have wins running and am trying to connect via \\10.0.0.20\c$
or \\servername.mydomain.com\c$ to no avail.

I can hit my internal website from the client though. I notcie on my vpn
ppp/slip interface it says I have a subnet mask of 255.255.255.255. Is
that correct? It also has the clients own ip (that it got from dhcp) as
the default gateway.

Any ideas are appreciated. I'd rather not use wins if I don't have to.

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bandrews@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')




Other related posts: