RE: Change IP Address of VPN

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 2 Jul 2003 09:21:38 -0500

Hi William,
Nope. You can call the 3rd address, but "most of the time" the responses
will come back from the primary IP address. Check out my articles
regarding NLB and VPN over at That's why you could
only use Win2k and WinXP pre-SP1 as VPN clients, because the connecting
IP address and the response IP address was different.
Good new. *Maybe* fixed in Win2k SP4. DEFINITELY fixed in Win2003.
Thomas W Shinder <>  
ISA Server and Beyond:
Configuring ISA Server:


        -----Original Message-----
        From: William Robertson
        Sent: Wednesday, July 02, 2003 3:41 AM
        To: [ Discussion List]
        Subject: [isalist] RE: Change IP Address of VPN

        Hi Tom


        I'm with you on the bottom line of not being able to control the
source address for outbound communications, but what about the reverse,
controlling the inbound address.


        For example, if I can get my inbound VPN clients to connect to
the 3rd IP Address, surely all communications will then leave ISA on
this 3rd IP and not the 1st one which is used by all other

        This should then in principle be a way in which I can "control"
the source address of the VPN connection?


        So I have changed the 2 Packet Filter rules to be applied to
this 3rd address, but I'm hoping you can assist in getting RRAS to
accept the connection on this 3rd IP Address because so far all my
efforts have failed.



        William R.


        -----Original Message-----
        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
        Sent: 02 July 2003 09:57 AM
        To: [ Discussion List]
        Subject: [isalist] RE: Change IP Address of VPN


        Hi William,


        I would not make that assumption because I have no idea how ISA
decides what address to use for the source address for outbound
communications. I once heard a pretty eloquent explanation from Jim
regarding this, but I don't recall the details, and I wasn't smart
enough at the time to fully appreciate what the issue was. However, I'm
a bottom line kind of guy and I did appreciate the fact that you can not
control the source address for any particuarl outbound packet. 


        And that's what counts, right?





Other related posts: