Hi Steve, Not sure what you're getting at here. Each ISA Server should be configured with a DNS server entry on the internal interface, and the internal interface should be on the top of the adapters list on each ISA Server. That DNS server should be configured to resolve Internet Host names. How can the external interface be the internal interface? Remember, ISA Server seeing the world in terms of internal/trusted (LAT hosts) and external/untrusted (non-LAT hosts). I don't see how the VPN gateway interface could be a LAT interface! Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx] Sent: Monday, February 24, 2003 4:26 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: BUG in ISA with VPN and SSL...Any ideas Tom...Jim... http://www.ISAserver.org Meant to say, all the vpn clients that are behind the various servers, can ping pc's in my domain by FQDN and they resolve correctly to the internal addresses and vice versa. With the lan adapter set to north. If I change it to south, can still ping but the connections drop and reconnect ad infinitum Steve Steve -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Monday, February 24, 2003 6:16 PM To: Isa List Subject: [isalist] RE: BUG in ISA with VPN and SSL...Any ideas Tom...Jim... http://www.ISAserver.org Hi Steve, OK, clients on the remote network need to access the site via its INTERNAL address. The clients on the remote network should not go through the external interface of the ISA Server, since they are internal network clients, not external network clients. Make sure you're split DNS is in order and that all internal network clients access internal resources via their internal addresses. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx] Sent: Monday, February 24, 2003 4:18 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: BUG in ISA with VPN and SSL...Any ideas Tom...Jim... http://www.ISAserver.org Hi Tom No, The isa server's acting as the vpn server, OWA's published to a server behind isa. Steve -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Monday, February 24, 2003 6:06 PM To: Isa List Subject: [isalist] RE: BUG in ISA with VPN and SSL...Any ideas Tom...Jim... http://www.ISAserver.org Hi Steve, Are the ISA Server's acting as both VPN and OWA servers? The tunnel endpoints need to be the primary IP address on the external interface of each ISA Server (I'm assuming that you're not creating a ISA/VPN gateway tunnel inside a tunnel created by routers connecting your sites). Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx] Sent: Monday, February 24, 2003 4:02 PM To: [ISAserver.org Discussion List] Subject: [isalist] BUG in ISA with VPN and SSL...Any ideas Tom...Jim... http://www.ISAserver.org Hi Is it me or is it a bug. I have site to site vpn's (3). They work as they're supposed to. I have OWA with SSL. It works as it's supposed to. They just don't work together. Let me explain. To have successful vpn's the wan adapter has to be the North. Fine. If the wan adapter is changed to south, then the vpn's drop and reconnect continuously when being accessed, apparently this is by design. This config (WAN/North), returns a proxy loop error, if you try to access an ssl site published by FQDN. If I change the nic order to LAN/North, OWA/SSL works fine. Vpn's drop. Have you any idea how I can get the 2 to work together or is it just one or the other. Thanks Steve This E-Mail is confidential. It is not intended to be read, copied, disclosed or used by any person other than isalist@xxxxxxxxxxxxxx Unauthorised use, disclosure, or copying is strictly prohibited and may be unlawful. Optimum Computer Solutions disclaims any liability for any action taken in connection of this E-Mail. The comments or statements expressed in this E-Mail are not necessarily those of Optimum Computer Solutions or its subsidiaries or affiliates. usermanager@xxxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: steve@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') This E-Mail is confidential. It is not intended to be read, copied, disclosed or used by any person other than isalist@xxxxxxxxxxxxxx Unauthorised use, disclosure, or copying is strictly prohibited and may be unlawful. Optimum Computer Solutions disclaims any liability for any action taken in connection of this E-Mail. The comments or statements expressed in this E-Mail are not necessarily those of Optimum Computer Solutions or its subsidiaries or affiliates. usermanager@xxxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: steve@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') This E-Mail is confidential. It is not intended to be read, copied, disclosed or used by any person other than isalist@xxxxxxxxxxxxxx Unauthorised use, disclosure, or copying is strictly prohibited and may be unlawful. Optimum Computer Solutions disclaims any liability for any action taken in connection of this E-Mail. The comments or statements expressed in this E-Mail are not necessarily those of Optimum Computer Solutions or its subsidiaries or affiliates. usermanager@xxxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')