RE: VPN to defined network

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 4 Feb 2005 19:30:41 -0600

Hi Alex,
 
No, it doesn't have to be a directly connected network, it just has to
be reachable from that interface.
 
HTH,
Tom

________________________________

From: Alex Litvak [mailto:alexl@xxxxxxxxxxxxxxxxxxx] 
Sent: Friday, February 04, 2005 6:04 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN to defined network


http://www.ISAserver.org
My problem was incorrect usage of Network objects.  I was using networks
instead of external address ranges.  It seems that networks need to be
directly accessible via one of the ISA server interfaces.  Does it mean
it has to be able to receive arp? or just have a static route?  I guess
I am a little bit confused on terminology.

Thanks for your response.   

On Fri, 2005-02-04 at 06:10 -0800, Jim Harrison wrote: 

        http://www.ISAserver.org
        
        Please describe your ISA configuration in better detail:
        Q1 - how many interfaces on the ISA
        Q2 - how many network objects are defined?
        
        -----Original Message-----
        From: alexl@xxxxxxxxxxxxxxxxxxx
[mailto:alexl@xxxxxxxxxxxxxxxxxxx] 
        Sent: Thursday, February 03, 2005 7:41 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] VPN to defined network
        
        http://www.ISAserver.org
        
        It seems that if vpn client comes from default External network,
        everything works fine on ISA2004.  When I define an external
network X
        with some specific address subset, firewall denies connection to
port
        1723
        (pptp) even if I make sure that network X is checked on the list
of
        allowed source networks.  If vpn clined is coming from X it gets
denied
        right from connection to local host port 1723.  As soon as I
remove this
        specific network and client becomes part of default External
network,
        VPN connection works like a champ.
        
        Any ideas, please, I am at the end of the rope here.
        
        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        World of Windows Networking: http://www.windowsnetworking.com
Leading
        Network Software Directory: http://www.serverfiles.com
        No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows
        Security Resource Site: http://www.windowsecurity.com/ Network
Security
        Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
        http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as:
        jim@xxxxxxxxxxxx To unsubscribe visit
        http://www.webelists.com/cgi/lyris.pl?enter=isalist
        Report abuse to listadmin@xxxxxxxxxxxxx
        
        All mail to and from this domain is GFI-scanned.
        
        
        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        World of Windows Networking: http://www.windowsnetworking.com
        Leading Network Software Directory: http://www.serverfiles.com
        No.1 Exchange Server Resource Site: http://www.msexchange.org
        Windows Security Resource Site: http://www.windowsecurity.com/
        Network Security Library: http://www.secinf.net/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: alexl@xxxxxxxxxxxxxxxxxxx
        To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        Report abuse to listadmin@xxxxxxxxxxxxx

-- 
Alex Litvak <alexl@xxxxxxxxxxxxxxxxxxx>         
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 02-2005