[isalist] Re: Error establishing a VPN to the ISA server
- From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Wed, 28 Jun 2006 07:30:42 -0400
There's nothing about SBS. It's that you've got ISA on your SBS server
and you don't on your Windows server.
Amy
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Glenn P. JOHNSTON
Sent: Wednesday, June 28, 2006 2:41 AM
To: isalist@xxxxxxxxxxxxx
Subject: RE: [isalist] Re: Error establishing a VPN to the ISA server
No I think this is something to do with SBS.
I put a second IP onto my play w3K standard server, and I get a ping
response on both the old, and the NEW IP address, in both cases, with
the new IP on the same sub set, and the new IP on a different subnet. I
can get a ping response on both IP's from an appropriately configured
notebook, and can attach to fileshares, echange SQL exactly like you'd
expect to be able to.
But, do the same thing on my play SBS 2003 premium server, and I only
get a response on the NEW address, the server stops responding to PING's
on the old address, whether it's on the same or different subnet. and of
course, I can connect to nothing on the OLD IP !!
________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of Jim Harrison
Sent: Wed 28/Jun/2006 15:39
To: isalist@xxxxxxxxxxxxx
Subject: RE: [isalist] Re: Error establishing a VPN to the ISA server
it's not about SBS; it's about basic TCP/IP routing.
If the client thinks it has the same network "here" and "there"; it'll
always use "here" to reach IPs in that subnet.
Use the diffrent subnet suggestion; it works.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of Glenn P. JOHNSTON
Sent: Tue 6/27/2006 9:06 PM
To: isalist@xxxxxxxxxxxxx
Subject: RE: [isalist] Re: Error establishing a VPN to the ISA server
I've just tried adding second IP to the internal adaptor on my play SBS
server, and now I can't access it from the internal LAN It's no longer
responding on it's original address, only on the new 'second' address,
which is in the same /24 subnet
Anyone got some good oil on whether this is an expected SBS
characteristic ?
________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer of God)
Sent: Wed 28/Jun/2006 12:49
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Error establishing a VPN to the ISA server
http://www.ISAserver.org <http://www.isaserver.org/>
-------------------------------------------------------
Well, it would have worked other than the gw on the hotel being the same
as
the SBS box... Bad luck there. But, I've had to do this several times
for
the exact same scenario with my people. Seems the Marriott and I
thought
alike in our IP schemes ;)
You could always just add another IP address to the SBS box (well, you
could
if it were a "regular" server install-- I don't know what you'd have to
go
through on SBS to do that.) That would work, though.
Not much we can do about a guy who wants to scream more than get the job
done, though. I'd tell him that if he wanted his email to STFU and do
what
was needed. It's not like it is anyone's "fault." There are other
options
you have, but they would all require him doing *something*.
I'm assuming that OWA is not an option for some reason?
t
On 6/27/06 7:37 PM, "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx>
spoketh
to all:
> The internal IP of the SBS server is 192.168.110.2, G/W on the hotel
BB
> service is also 192.168.110.2 unfortunately !
>
> I tried the static route on my home ADSL service by changing the
internal
> private IP to match the Hotel's to play with, and everything else
works, I can
> get to the internet and other clients networks fine, but I can not get
to
> anything on the remote network after the tunnel is connected, of the
client
> with the problem.
>
> Putting the static route in I doubt will work anyway, the fellow will
probably
> just yell and scream as soon as he is asked to do anything remotely
technical,
> expecting it to be magically fixed from this end.
>
> ________________________________
>
> From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer of God)
> Sent: Wed 28/Jun/2006 12:27
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Error establishing a VPN to the ISA server
>
>
>
> http://www.ISAserver.org <http://www.isaserver.org/>
> -------------------------------------------------------
>
> All he has to do is set a static route for the SBS box's IP to the
gateway
> address of the VPN endpoint.
>
> IOW, if the SBS box is 192.168.110.101, and his PPP VPN interface got
> assigned something like 192.168.110.11 from the RRAS server (do an IP
config
> to see what ip his PPP adapter is, or look at the RRAS properties of
the
> connection) then you would have him do a:
>
> ROUTE -p add 192.168.110.101 mask 255.255.255.255 192.168.110.11
>
> That way, when he attempts to access the SBS server, the request will
route
> down the VPN rather than broadcasting on the "local" 192.168.110.x
network.
>
> t
>
>
> On 6/27/06 7:13 PM, "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx>
spoketh
> to all:
>
>> http://www.ISAserver.org <http://www.isaserver.org/>
>> -------------------------------------------------------
>>
>> Hi,
>>
>> Maybe, maybe not directly and ISA question, and I've posted this in
an SBS
>> forum as well, but you people are pretty bright & I thought you might
have
>> some worth while input on this.
>>
>> One of my clients has an issue with VPN tunnel. This has been inplace
since
>> Sunday afternoon, but they only rang me this morning.
>>
>> One of their directors is at a week long conference, and the Hotel
where he
>> is
>> staying, has provides an in room broadband service.
>> The BroadBand in the hotel is using a 192.168.110.0/24 address range,
the
>> internal address of the clients network at the office is also a
>> 192.168.110.0/24 range.
>>
>> The VPN tunnel establishes fine, and the VPN connector on his
notebook get
>> an
>> address, of course, in the 192.168.110.100 to 192.168.110.199 range
of the
>> DHCP server on the SBS server.
>>
>> Once the tunnel is established, he can acess nothing on the SBS. This
is to
>> be
>> expected as the address ranges are the same, does anyone have any
bright
>> idea's on how to get around this. The Director is yelling and
screaming about
>> not being able to get his e-mail.
>>
>> Unfortunately he is out out direct reach in another state, and has
very
>> little
>> tolerance for such problems.
>>
>> Regards
>> Glenn
>> ------------------------------------------------------
>> List Archives: //www.freelists.org/archives/isalist/
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server Articles and Tutorials:
>> http://www.isaserver.org/articles_tutorials/
>> ISA Server Blogs: http://blogs.isaserver.org/
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com <http://www.techgenix.com/>
>> ------------------------------------------------------
>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>> Report abuse to listadmin@xxxxxxxxxxxxx
>>
>>
>>
>
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com <http://www.techgenix.com/>
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com <http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
