Hi Mark, This looks like a network behind a network config to me. I prefer Route for site to site connections, since if you wanted to NAT, you could use publish services and not go through the hassle of a site to site VPN. Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Mark Morgan [mailto:MMorgan@xxxxxxxxxxxxxxxxxxxxx] Sent: Tuesday, February 14, 2006 5:35 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN routing Problems http://www.ISAserver.org I Don't know why but it's working again (which is not to comforting), killed all network rules and rebuilt them and it all came back up. The strange thing is I can get everything working except 9100 with nat relationship, or I can get 9100 and nothing else working with route relationship??? Any ideas on that one??? Thanks Mark -----Original Message----- From: Mark Morgan [mailto:MMorgan@xxxxxxxxxxxxxxxxxxxxx] Sent: Tuesday, February 14, 2006 2:19 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN routing Problems http://www.ISAserver.org Yes I did a 'route add -p' it was working great for months up until today, I change the network rule to route to test port 9100 denials, port 9100 traffic started working but all other traffic stopped working, then changed it back to nat. I cannot ping the remote network from the VPN but I can ping it from the local isa box and the local LAN???? -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Tuesday, February 14, 2006 1:57 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN routing Problems http://www.ISAserver.org Hi Mark, Did you put a routing table entry on the ISA firewall with a route to the remote site 2 gateway? HTH, Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Mark Morgan [mailto:mmorgan@xxxxxxxxxxxxxxxxxxxxx] Sent: Tuesday, February 14, 2006 3:42 PM To: [ISAserver.org Discussion List] Subject: [isalist] VPN routing Problems http://www.ISAserver.org Hello All, I am having some issues with my vpn traffic, My vpn tunnel is up traffic is flowing to my internal subnet, but i have a second tunnel on an instagate vpn device, trafic from tunnel 1 on the isa was routing to the instagate through the second tunnel to a remote site, today it stopped i can ping the remote site through the instagate from isa local, but through the isa vpn i cannot ping or access any machines on the instagate vpn. I have a feeling it is my network rules but i have rebuilt them and still have same problem?????? remote site 1 remote site 2 | | | | ISA Instagate \ / \ / > > LAN forgive the bad ascii art. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mmorgan@xxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.15.8/260 - Release Date: 02/14/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.15.8/260 - Release Date: 02/14/2006 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mmorgan@xxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.15.8/260 - Release Date: 02/14/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.15.8/260 - Release Date: 02/14/2006 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx