Hi Alex, No, it doesn't have to be a directly connected network, it just has to be reachable from that interface. HTH, Tom ________________________________ From: Alex Litvak [mailto:alexl@xxxxxxxxxxxxxxxxxxx] Sent: Friday, February 04, 2005 6:04 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN to defined network http://www.ISAserver.org My problem was incorrect usage of Network objects. I was using networks instead of external address ranges. It seems that networks need to be directly accessible via one of the ISA server interfaces. Does it mean it has to be able to receive arp? or just have a static route? I guess I am a little bit confused on terminology. Thanks for your response. On Fri, 2005-02-04 at 06:10 -0800, Jim Harrison wrote: http://www.ISAserver.org Please describe your ISA configuration in better detail: Q1 - how many interfaces on the ISA Q2 - how many network objects are defined? -----Original Message----- From: alexl@xxxxxxxxxxxxxxxxxxx [mailto:alexl@xxxxxxxxxxxxxxxxxxx] Sent: Thursday, February 03, 2005 7:41 PM To: [ISAserver.org Discussion List] Subject: [isalist] VPN to defined network http://www.ISAserver.org It seems that if vpn client comes from default External network, everything works fine on ISA2004. When I define an external network X with some specific address subset, firewall denies connection to port 1723 (pptp) even if I make sure that network X is checked on the list of allowed source networks. If vpn clined is coming from X it gets denied right from connection to local host port 1723. As soon as I remove this specific network and client becomes part of default External network, VPN connection works like a champ. Any ideas, please, I am at the end of the rope here. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: alexl@xxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx -- Alex Litvak <alexl@xxxxxxxxxxxxxxxxxxx> ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx