RE: Change IP Address of VPN
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 1 Jul 2003 00:31:51 -0500
Hi William,
Is the ISA Server registering its virtual address in the DNS?
Thanks!
Tom
Thomas W Shinder
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp>
-----Original Message-----
From: William Robertson
[mailto:robertson.william@xxxxxxxxxxxxxx]
Sent: Tuesday, July 01, 2003 12:09 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Change IP Address of VPN
http://www.ISAserver.org
Hey Greg, I'm with you on that one, but let me explain my FULL
picture.
I have 3 IP Addresses assigned to my External NIC (x.x.x.153,
x.x.x.155 and x.x.x.156), and by default all my outbound user WEB &
FIREWALL traffic is on the x.x.x.153 address.
Now when my VPN clients try to connect to the x.x.x.153 address,
they can connect fine and the VPN is as solid as can be, but when the
VPN clients are connected all the outbound FIREWALL traffic "fails" over
to the next available IP Address, x.x.x.155. My presumption is that
because the VPN session "secures" the IP Address on which it was
connected and thus doesn't allow any other FIREWALL traffic out. I
haven't yet been able to prove this with WEB traffic as well, but it is
definitely the case with the FIREWALL traffic.
Anyways, the problem with ISA "failing over" to the next IP is
that my external suppliers have firewalled the x.x.x.153 address and NOT
the x.x.x.155 address. So without getting them to adjust their pool of
allowed addresses from me, I have now dedicated the x.x.x.156 address to
VPN traffic only, but I cannot seem to get my clients to connect to this
new IP Address.
If someone has any more info as to why an inbound VPN connection
forces ISA to use a different outbound IP I'm sure it would also explain
a lot.
Cheers
William R.
-----Original Message-----
From: Greg Mulholland [mailto:greg_mul@xxxxxxxxxxxxxxx]
Sent: 30 June 2003 16:25 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Change IP Address of VPN
http://www.ISAserver.org
William
Don't really see the point. In theory the connection and
password policy should be secure enough to handle anything anyway. The
only reason I would change the ip is if I was doing some major network
restructuring. But that's my opinion.
Greg Mulholland
Tech Services Manager
Harvey Norman
+613 98019333
greg_mul@xxxxxxxxxxxxxxx
_____
From: William Robertson
[mailto:robertson.william@xxxxxxxxxxxxxx]
Sent: Monday, June 30, 2003 11:42 PM
To: [ISAserver.org Discussion List]
http://www.ISAserver.org
Hi there
Is there any opinion out there regarding the changing of the VPN
Address used by the clients?
Cheers
William R.
-----Original Message-----
From: William Robertson
[mailto:robertson.william@xxxxxxxxxxxxxx]
Sent: 27 June 2003 15:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Change IP Address of VPN
http://www.ISAserver.org
Hi there
My ISA Server has 3 external IP Addresses bound to the external
interface of my ISA Server. It has now become time for me to change the
IP Address on which my VPN clients connect to my server.
To do this I simply modified the 2 default packet filters:
1) Allow PPTP protocol packets (client) - PPTP Call
2) Allow PPTP protocol packets (server) - PPTP Receive
And changed the Local IP Address to the new external IP Address.
This is obviously not all that needs to be done because my VPN
still doesn't work to this new address. Would someone know if there is
any config change required on RRAS in order to permit VPN access via
this new IP Address?
Cheers
William R.
_____
William Robertson
AST Mpumalanga
Systems House / Consultant: Software
Tel: 013-2472703 / 083 638 0354
Fax: 013-2462236
---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the
official
business of Columbus Stainless is proprietary to the company. It
is
confidential, legally privileged and protected by law. Columbus
Stainless does not own and endorse any other content. Views and
opinions are those of the sender unless clearly stated as being
that
of Columbus Stainless. The person addressed in the e-mail is the
sole
authorised recipient. Please notify the sender immediately if
it has
unintentionally reached you and do not read, disclose or use the
content in any way. Whilst all reasonable steps are taken to
ensure
the accuracy and integrity of information and data transmitted
electronically and to preserve the confidentiality thereof, no
liability or responsibility whatsoever is accepted if
information or
data is,for whatever reason, corrupted or does not reach its
intended
destination.
---------------------------------------------------------------------
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
