RE: Change IP Address of VPN

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 1 Jul 2003 00:31:51 -0500

Hi William,
Is the ISA Server registering its virtual address in the DNS?
Thomas W Shinder


        -----Original Message-----
        From: William Robertson
        Sent: Tuesday, July 01, 2003 12:09 AM
        To: [ Discussion List]
        Subject: [isalist] RE: Change IP Address of VPN

        Hey Greg, I'm with you on that one, but let me explain my FULL


        I have 3 IP Addresses assigned to my External NIC (x.x.x.153,
x.x.x.155 and x.x.x.156), and by default all my outbound user WEB &
FIREWALL traffic is on the x.x.x.153 address.


        Now when my VPN clients try to connect to the x.x.x.153 address,
they can connect fine and the VPN is as solid as can be, but when the
VPN clients are connected all the outbound FIREWALL traffic "fails" over
to the next available IP Address, x.x.x.155. My presumption is that
the VPN session "secures" the IP Address on which it was
connected and thus doesn't allow any other FIREWALL traffic out. I
haven't yet been able to prove this with WEB traffic as well, but it is
definitely the case with the FIREWALL traffic.


        Anyways, the problem with ISA "failing over" to the next IP is
that my external suppliers have firewalled the x.x.x.153 address and NOT
the x.x.x.155 address. So without getting them to adjust their pool of
allowed addresses from me, I have now dedicated the x.x.x.156 address to
VPN traffic only, but I cannot seem to get my clients to connect to this
new IP Address.


        If someone has any more info as to why an inbound VPN connection
forces ISA to use a different outbound IP I'm sure it would also explain
a lot.



        William R.


        -----Original Message-----
        From: Greg Mulholland [mailto:greg_mul@xxxxxxxxxxxxxxx] 
        Sent: 30 June 2003 16:25 PM
        To: [ Discussion List]
        Subject: [isalist] RE: Change IP Address of VPN




        Don't really see the point. In theory the connection and
password policy should be secure enough to handle anything anyway. The
only reason I would change the IP is if I was doing some major network
restructuring. But that's my opinion.


        Greg Mulholland

        Tech Services Manager

        Harvey Norman

        +613 98019333




        From: William Robertson
        Sent: Monday, June 30, 2003 11:42 PM
        To: [ Discussion List]


        Hi there


        Is there any opinion out there regarding the changing of the VPN
Address used by the clients?



        William R.



        -----Original Message-----
        From: William Robertson
        Sent: 27 June 2003 15:28 PM
        To: [ Discussion List]
        Subject: [isalist] Change IP Address of VPN


        Hi there


        My ISA Server has 3 external IP Addresses bound to the external
interface of my ISA Server. It has now become time for me to change the
IP Address on which my VPN clients connect to my server.


        To do this I simply modified the 2 default packet filters:

        1)       Allow PPTP protocol packets (client) - PPTP Call

        2)       Allow PPTP protocol packets (server) - PPTP Receive


        And changed the Local IP Address to the new external IP Address.


        This is obviously not all that needs to be done because my VPN
still doesn't work to this new address. Would someone know if there is
any config change required on RRAS in order to permit VPN access via
this new IP Address?



        William R.


William Robertson

AST Mpumalanga

Systems House / Consultant: Software

Tel: 013-2472703 / 083 638 0354

   Fax: 013-2462236


