Hi Tom, Thank you for your response. I am a little bit confused here. Does being reachable assumes a static route in case of external network? Because, in general, external interface could reach all of the public IP addresses. Thanks, On Fri, 2005-02-04 at 19:30 -0600, Thomas W Shinder wrote: > http://www.ISAserver.org > Hi Alex, > > No, it doesn't have to be a directly connected network, it just has to > be reachable from that interface. > > HTH, > Tom > > > ______________________________________________________________________ > From: Alex Litvak [mailto:alexl@xxxxxxxxxxxxxxxxxxx] > Sent: Friday, February 04, 2005 6:04 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: VPN to defined network > > > http://www.ISAserver.org > My problem was incorrect usage of Network objects. I was using > networks instead of external address ranges. It seems that networks > need to be directly accessible via one of the ISA server interfaces. > Does it mean it has to be able to receive arp? or just have a static > route? I guess I am a little bit confused on terminology. > > Thanks for your response. > > On Fri, 2005-02-04 at 06:10 -0800, Jim Harrison wrote: > > > http://www.ISAserver.org > > > > Please describe your ISA configuration in better detail: > > Q1 - how many interfaces on the ISA > > Q2 - how many network objects are defined? > > > > -----Original Message----- > > From: alexl@xxxxxxxxxxxxxxxxxxx [mailto:alexl@xxxxxxxxxxxxxxxxxxx] > > Sent: Thursday, February 03, 2005 7:41 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] VPN to defined network > > > > http://www.ISAserver.org > > > > It seems that if vpn client comes from default External network, > > everything works fine on ISA2004. When I define an external network X > > with some specific address subset, firewall denies connection to port > > 1723 > > (pptp) even if I make sure that network X is checked on the list of > > allowed source networks. If vpn clined is coming from X it gets denied > > right from connection to local host port 1723. As soon as I remove this > > specific network and client becomes part of default External network, > > VPN connection works like a champ. > > > > Any ideas, please, I am at the end of the rope here. > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > World of Windows Networking: http://www.windowsnetworking.com Leading > > Network Software Directory: http://www.serverfiles.com > > No.1 Exchange Server Resource Site: http://www.msexchange.org Windows > > Security Resource Site: http://www.windowsecurity.com/ Network Security > > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: > > http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > jim@xxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > All mail to and from this domain is GFI-scanned. > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > World of Windows Networking: http://www.windowsnetworking.com > > Leading Network Software Directory: http://www.serverfiles.com > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Network Security Library: http://www.secinf.net/ > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > alexl@xxxxxxxxxxxxxxxxxxx > > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > -- > Alex Litvak <alexl@xxxxxxxxxxxxxxxxxxx> > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl? > enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > alexl@xxxxxxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl? > enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx -- Alex Litvak <alexl@xxxxxxxxxxxxxxxxxxx>