RE: VPN to defined network
- From: Alex Litvak <alexl@xxxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sun, 06 Feb 2005 15:17:07 -0600
Hi Tom,
Thank you for your response. I am a little bit confused here. Does
being reachable assumes a static route in case of external network?
Because, in general, external interface could reach all of the public IP
addresses.
Thanks,
On Fri, 2005-02-04 at 19:30 -0600, Thomas W Shinder wrote:
> http://www.ISAserver.org
> Hi Alex,
>
> No, it doesn't have to be a directly connected network, it just has to
> be reachable from that interface.
>
> HTH,
> Tom
>
>
> ______________________________________________________________________
> From: Alex Litvak [mailto:alexl@xxxxxxxxxxxxxxxxxxx]
> Sent: Friday, February 04, 2005 6:04 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: VPN to defined network
>
>
> http://www.ISAserver.org
> My problem was incorrect usage of Network objects. I was using
> networks instead of external address ranges. It seems that networks
> need to be directly accessible via one of the ISA server interfaces.
> Does it mean it has to be able to receive arp? or just have a static
> route? I guess I am a little bit confused on terminology.
>
> Thanks for your response.
>
> On Fri, 2005-02-04 at 06:10 -0800, Jim Harrison wrote:
>
> > http://www.ISAserver.org
> >
> > Please describe your ISA configuration in better detail:
> > Q1 - how many interfaces on the ISA
> > Q2 - how many network objects are defined?
> >
> > -----Original Message-----
> > From: alexl@xxxxxxxxxxxxxxxxxxx [mailto:alexl@xxxxxxxxxxxxxxxxxxx]
> > Sent: Thursday, February 03, 2005 7:41 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] VPN to defined network
> >
> > http://www.ISAserver.org
> >
> > It seems that if vpn client comes from default External network,
> > everything works fine on ISA2004. When I define an external network X
> > with some specific address subset, firewall denies connection to port
> > 1723
> > (pptp) even if I make sure that network X is checked on the list of
> > allowed source networks. If vpn clined is coming from X it gets denied
> > right from connection to local host port 1723. As soon as I remove this
> > specific network and client becomes part of default External network,
> > VPN connection works like a champ.
> >
> > Any ideas, please, I am at the end of the rope here.
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com Leading
> > Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
> > Security Resource Site: http://www.windowsecurity.com/ Network Security
> > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> > http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> > jim@xxxxxxxxxxxx To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> > All mail to and from this domain is GFI-scanned.
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> > alexl@xxxxxxxxxxxxxxxxxxx
> > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
>
> --
> Alex Litvak <alexl@xxxxxxxxxxxxxxxxxxx>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?
> enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> alexl@xxxxxxxxxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?
> enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
--
Alex Litvak <alexl@xxxxxxxxxxxxxxxxxxx>
Other related posts:
