RE: Connecting 2 Remote VPN's together - HELP!
- From: "Mike Anderson" <mike@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 12 Nov 2004 14:52:52 -0600
Ahhh thanks Steve,
I see the point you are trying to make. I am still dead in the water,
and just can't figure out this darn thing. All I want to do, is give
each location, their own ISA Server, so they can surf the web, etc.
using their OWN T-1 bandwidth. And then, if they want to access any
remote network resources, the ISA Server will recognize that the IP
address belonging to that machine, is on the other side of the link -
and therefore, ROUTE them over there.
I really thought I had this stuff down, but now I feel like a total
MORON. Now, one thing is a little better now - from one ISA Server, I
can ping ANY address on the other side of the remote network - but I
still can't get a response if I use a workstation behind that same
firewall, to get me to the other side. It just refuses to forward my
packets. Grrrrrrr.
Tonight, I am going to start from scratch once again, and see if I am
missing something here. This time around, I won't mess with the RRAS
directly - and will let ISA do everything.
I would have thought, that by using ISA 2004 - this would have been a 10
minute job - but it is NOT.
Does anybody have anything else to offer potentially? I really have to
get this thing working.
Thanks,
Mike
-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Friday, November 12, 2004 7:15 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Connecting 2 Remote VPN's together - HELP!
http://www.ISAserver.org
ISA should be dealing with the RRAS side of things, don't try and modify
RRAS settings yourself. I found that out the hard in the early days. All
you need to do is make sure the vpn networks are set ok in ISA.
S
-----Original Message-----
From: Mike Anderson [mailto:mike@xxxxxxxxxxxx]
Sent: Friday, November 12, 2004 8:48 AM
To: ISA Mailing List
Subject: [isalist] RE: Connecting 2 Remote VPN's together - HELP!
http://www.ISAserver.org
Well, after running all the VPN Wizards, etc. and after all Thomas's
articles, he said ISA Server is tightly integrated with RRAS -
I guess I don't understand your question - as ISA Server, immediately
activates and configures RRAS, the moment you create Remote Sites, or
anything VPN Related. This is the way it's always been, ever since I've
been using ISA 2000. Unless I am missing something here.
Now I am REALLY confused - you could clear that up?
Mike
-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Friday, November 12, 2004 5:21 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Connecting 2 Remote VPN's together - HELP!
http://www.ISAserver.org
Why are you using RRAS.
S
-----Original Message-----
From: Mike Anderson [mailto:mike@xxxxxxxxxxxx]
Sent: Friday, November 12, 2004 1:39 AM
To: ISA Mailing List
Subject: [isalist] Connecting 2 Remote VPN's together - HELP!
http://www.ISAserver.org
Hello All,
I am ready to shoot myself, I am so frustrated with this whole thing. I
read ALL the articles on the ISA Website, specifically written by Thomas
Shinder, and I STILL can't get this thing working. (btw, you are one
brilliant man, and I own ALL your books).
I have 2 Corporate Networks, each with it's own T-1 to the Internet,
running ISA Server 2004 as my firewall solution. I am pretty sure I
have all the filters properly setup, etc. so I need to now figure out,
if my problems are due to ISA or RRAS not being setup properly.
In the RRAS servers on each end, I have Routing Interfaces setup,
representing the remote sides of the connection. One end strictly calls
out, and the other end strictly receives the calls. To play it safe, I
created users on both servers, making sure they were identical to the
name of the Routing Interfaces I created. Well, I don't want to get
into too many details - the important thing is this:
I can get the 2 networks connected together just fine, and the link
stays up. Now, the ONLY IP addresses I can ping (and this goes for both
sides) are the primary IP's that are bound to the Internal NIC on the
opposite side. Rest assured, that I have permanent Static Routes
entered into RRAS, and the Routing Interface representing the remote
side, is the adapter that the route applies to.
What is causing me to not be able to ping anything BEYOND the ISA
Server? Again, from either the ISA Server itself, or an actual
workstation on the LAN, I am able to ping the other side of the
connection - yet the only IP's that respond, are the ones ONLY bound on
the Remote ISA Servers. It's almost as if Routing is simply not
forwarding the packets BEYOND the ISA Server - as my pings come back
"unreachable" if I try.
At this point, I am simply stumped, and not sure what to do. Any
suggestions, or troubleshooting techniques would be incredibly
appreciated. Even if I have to strip down the network, one component at
a time, until I get to the lowest common denominator - I will do what it
takes, to get the traffic routed 100% - going both ways.
Thanks for your help,
Mike
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------------------------
--------
This E-Mail is confidential. It is not intended to be read, copied,
disclosed or used by any person other than the recipient named above.
Unauthorised use, disclosure, or copying is strictly prohibited and may
be unlawful. Optimum IT Solutions Ltd disclaims any liability for any
action taken in connection of this E-Mail. The comments or statements
expressed in this E-Mail are not necessarily those of Optimum IT
Solutions Ltd or its subsidiaries or affiliates.
administrator@xxxxxxxxxx
------------------------------------------------------------------------
--------
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mike@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mike@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
