RE: BUG in ISA with VPN and SSL...Any ideas Tom...Jim...

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 24 Feb 2003 16:49:16 -0600

Hi Steve,

OK. :-)

I'm stumped. I have no idea why making the internal interface the
secondary adapter would make it more stable. But, I guess you could make
the internal interface the secondary adapter and then put your internal
network DNS server on the DNS server list of the external interface. It
would have the same effect, which is to optimize name resolution. Maybe
there's some strange requirement for the external interface to be the
primary adapter on VPN gateway to gateway configs, but I've never
noticed it or done it that way before ;-)

Thanks!
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 
 


-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx] 
Sent: Monday, February 24, 2003 4:49 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: BUG in ISA with VPN and SSL...Any ideas
Tom...Jim...


http://www.ISAserver.org


Inline

:))

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Monday, February 24, 2003 6:31 PM
To: Isa List
Subject: [isalist] RE: BUG in ISA with VPN and SSL...Any ideas
Tom...Jim...




Hi Steve,

Not sure what you're getting at here. Each ISA Server should be
configured with a DNS server entry on the internal interface,
......It is

and the internal interface should be on the top of the adapters list on
each ISA Server. That DNS server should be configured to resolve
Internet Host names.

......If I do that then the vpn's drop and reconnect

How can the external interface be the internal interface? Remember, ISA
Server sees the world in terms of internal/trusted (LAT hosts) and
external/untrusted (non-LAT hosts). I don't see how the VPN gateway
interface could be a LAT interface!

......It's not

Thanks!

Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 
 


-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx] 
Sent: Monday, February 24, 2003 4:26 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: BUG in ISA with VPN and SSL...Any ideas
Tom...Jim...




Meant to say, all the vpn clients that are behind the various servers,
can ping pc's in my domain by FQDN and they resolve correctly to the
internal addresses and vice versa. With the lan adapter set to north. If
I change it to south, can still ping but the connections drop and
reconnect ad infinitum

Steve


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Monday, February 24, 2003 6:16 PM
To: Isa List
Subject: [isalist] RE: BUG in ISA with VPN and SSL...Any ideas
Tom...Jim...




Hi Steve,

OK, clients on the remote network need to access the site via its
INTERNAL address. The clients on the remote network should not go
through the external interface of the ISA Server, since they are
internal network clients, not external network clients. Make sure your
split DNS is in order and that all internal network clients access
internal resources via their internal addresses.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 
 


-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx] 
Sent: Monday, February 24, 2003 4:18 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: BUG in ISA with VPN and SSL...Any ideas
Tom...Jim...




Hi Tom

No, The isa server's acting as the vpn server, OWA's published to a
server behind isa.

Steve

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Monday, February 24, 2003 6:06 PM
To: Isa List
Subject: [isalist] RE: BUG in ISA with VPN and SSL...Any ideas
Tom...Jim...




Hi Steve,

Are the ISA Servers acting as both VPN and OWA servers? The tunnel
endpoints need to be the primary IP address on the external interface of
each ISA Server (I'm assuming that you're not creating an ISA/VPN gateway
tunnel inside a tunnel created by routers connecting your sites).

Thanks!
Tom
Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 
 


-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx] 
Sent: Monday, February 24, 2003 4:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] BUG in ISA with VPN and SSL...Any ideas Tom...Jim...




Hi

Is it me or is it a bug?

I have site to site vpn's (3). They work as they're supposed to. I have
OWA with SSL. It works as it's supposed to. They just don't work
together.

Let me explain.

To have successful vpn's the wan adapter has to be the North. Fine. If
the wan adapter is changed to south, then the vpn's drop and reconnect
continuously when being accessed, apparently this is by design.

This config (WAN/North), returns a proxy loop error, if you try to
access an ssl site published by FQDN.

If I change the nic order to LAN/North, OWA/SSL works fine. Vpn's drop.

Have you any idea how I can get the 2 to work together or is it just one
or the other?

Thanks

Steve

This E-Mail is confidential. It is not intended to be read, copied,
disclosed or used by any person other than isalist@xxxxxxxxxxxxxx

Unauthorised use, disclosure, or copying is strictly prohibited and may
be unlawful. Optimum Computer Solutions disclaims any liability for any
action taken in connection of this E-Mail. The comments or statements
expressed in this E-Mail are not necessarily those of Optimum Computer
Solutions or its subsidiaries or affiliates.

usermanager@xxxxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
