RE: Change IP Address of VPN
- From: "William Robertson" <robertson.william@xxxxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 1 Jul 2003 07:47:17 +0200
Hi Tom
No, only the "physical" address is registered. The other 2 do not appear
in my NSLOOKUP.
Cheers
William R.
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: 01 July 2003 07:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Change IP Address of VPN
http://www.ISAserver.org
Hi William,
Is the ISA Server registering its virtual address in the DNS?
Thanks!
Tom
Thomas W Shinder
<http://www.isaserver.org/shinder> www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: <http://tinyurl.com/1llp>
http://tinyurl.com/1llp
-----Original Message-----
From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx]
Sent: Tuesday, July 01, 2003 12:09 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Change IP Address of VPN
http://www.ISAserver.org
Hey Greg, I'm with you on that one, but let me explain my FULL picture.
I have 3 IP Addresses assigned to my External NIC (x.x.x.153, x.x.x.155
and x.x.x.156), and by default all my outbound user WEB & FIREWALL
traffic is on the x.x.x.153 address.
Now when my VPN clients try to connect to the x.x.x.153 address, they
can connect fine and the VPN is as solid as can be, but when the VPN
clients are connected all the outbound FIREWALL traffic "fails" over to
the next available IP Address, x.x.x.155. My presumption is that because
the VPN session "secures" the IP Address on which it was connected and
thus doesn't allow any other FIREWALL traffic out. I haven't yet been
able to prove this with WEB traffic as well, but it is definitely the
case with the FIREWALL traffic.
Anyways, the problem with ISA "failing over" to the next IP is that my
external suppliers have firewalled the x.x.x.153 address and NOT the
x.x.x.155 address. So without getting them to adjust their pool of
allowed addresses from me, I have now dedicated the x.x.x.156 address to
VPN traffic only, but I cannot seem to get my clients to connect to this
new IP Address.
If someone has any more info as to why an inbound VPN connection forces
ISA to use a different outbound IP I'm sure it would also explain a lot.
Cheers
William R.
-----Original Message-----
From: Greg Mulholland [mailto:greg_mul@xxxxxxxxxxxxxxx]
Sent: 30 June 2003 16:25 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Change IP Address of VPN
http://www.ISAserver.org
William
Don't really see the point. In theory the connection and password policy
should be secure enough to handle anything anyway. The only reason I
would change the ip is if I was doing some major network restructuring.
But that's my opinion.
Greg Mulholland
Tech Services Manager
Harvey Norman
+613 98019333
greg_mul@xxxxxxxxxxxxxxx
_____
From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx]
Sent: Monday, June 30, 2003 11:42 PM
To: [ISAserver.org Discussion List]
http://www.ISAserver.org
Hi there
Is there any opinion out there regarding the changing of the VPN Address
used by the clients?
Cheers
William R.
-----Original Message-----
From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx]
Sent: 27 June 2003 15:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Change IP Address of VPN
http://www.ISAserver.org
Hi there
My ISA Server has 3 external IP Addresses bound to the external
interface of my ISA Server. It has now become time for me to change the
IP Address on which my VPN clients connect to my server.
To do this I simply modified the 2 default packet filters:
1) Allow PPTP protocol packets (client) - PPTP Call
2) Allow PPTP protocol packets (server) - PPTP Receive
And changed the Local IP Address to the new external IP Address.
This is obviously not all that needs to be done because my VPN still
doesn't work to this new address. Would someone know if there is any
config change required on RRAS in order to permit VPN access via this
new IP Address?
Cheers
William R.
---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official
business of Columbus Stainless is proprietary to the company. It is
confidential, legally privileged and protected by law. Columbus
Stainless does not own and endorse any other content. Views and
opinions are those of the sender unless clearly stated as being that
of Columbus Stainless. The person addressed in the e-mail is the sole
authorised recipient. Please notify the sender immediately if it has
unintentionally reached you and do not read, disclose or use the
content in any way. Whilst all reasonable steps are taken to ensure
the accuracy and integrity of information and data transmitted
electronically and to preserve the confidentiality thereof, no
liability or responsibility whatsoever is accepted if information or
data is,for whatever reason, corrupted or does not reach its intended
destination.
---------------------------------------------------------------------
Other related posts:
