RE: VPN to defined network
- From: Alex Litvak <alexl@xxxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 04 Feb 2005 18:04:00 -0600
My problem was incorrect usage of Network objects. I was using networks
instead of external address ranges. It seems that networks need to be
directly accessible via one of the ISA server interfaces. Does it mean
it has to be able to receive arp? or just have a static route? I guess
I am a little bit confused on terminology.
Thanks for your response.
On Fri, 2005-02-04 at 06:10 -0800, Jim Harrison wrote:
> http://www.ISAserver.org
>
> Please describe your ISA configuration in better detail:
> Q1 - how many interfaces on the ISA
> Q2 - how many network objects are defined?
>
> -----Original Message-----
> From: alexl@xxxxxxxxxxxxxxxxxxx [mailto:alexl@xxxxxxxxxxxxxxxxxxx]
> Sent: Thursday, February 03, 2005 7:41 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] VPN to defined network
>
> http://www.ISAserver.org
>
> It seems that if vpn client comes from default External network,
> everything works fine on ISA2004. When I define an external network X
> with some specific address subset, firewall denies connection to port
> 1723
> (pptp) even if I make sure that network X is checked on the list of
> allowed source networks. If vpn clined is coming from X it gets denied
> right from connection to local host port 1723. As soon as I remove this
> specific network and client becomes part of default External network,
> VPN connection works like a champ.
>
> Any ideas, please, I am at the end of the rope here.
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
> Security Resource Site: http://www.windowsecurity.com/ Network Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> alexl@xxxxxxxxxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
--
Alex Litvak <alexl@xxxxxxxxxxxxxxxxxxx>
Other related posts:
