Connecting 2 Remote VPNs together - HELP!

  • From: "Mike Anderson" <mike@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 11 Nov 2004 23:39:16 -0600

Hello All,

I am ready to shoot myself, I am so frustrated with this whole thing.  I
read ALL the articles on the ISA Website, specifically written by Thomas
Shinder, and I STILL can't get this thing working. (btw, you are one
brilliant man, and I own ALL your books).

I have 2 Corporate Networks, each with its own T-1 to the Internet,
running ISA Server 2004 as my firewall solution.  I am pretty sure I
have all the filters properly set up, etc., so I now need to figure out
if my problems are due to ISA or RRAS not being set up properly.

In the RRAS servers on each end, I have Routing Interfaces set up,
representing the remote sides of the connection.  One end strictly calls
out, and the other end strictly receives the calls.  To play it safe, I
created users on both servers, making sure they were identical to the
name of the Routing Interfaces I created.  Well, I don't want to get
into too many details - the important thing is this:

I can get the 2 networks connected together just fine, and the link
stays up.  Now, the ONLY IP addresses I can ping (and this goes for both
sides) are the primary IPs that are bound to the Internal NIC on the
opposite side.  Rest assured that I have permanent Static Routes
entered into RRAS, and the Routing Interface representing the remote
side is the adapter that the route applies to.

What is causing me to not be able to ping anything BEYOND the ISA
Server?  Again, from either the ISA Server itself, or an actual
workstation on the LAN, I am able to ping the other side of the
connection - yet the only IPs that respond are the ones ONLY bound on
the Remote ISA Servers.  It's almost as if Routing is simply not
forwarding the packets BEYOND the ISA Server - as my pings come back
"unreachable" if I try.

At this point, I am simply stumped, and not sure what to do.  Any
suggestions, or troubleshooting techniques would be incredibly
appreciated.  Even if I have to strip down the network, one component at
a time, until I get to the lowest common denominator - I will do what it
takes, to get the traffic routed 100% - going both ways.

Thanks for your help,

Mike


