[isalist] Re: Error establishing a VPN to the ISA server
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Wed, 28 Jun 2006 09:31:02 -0500
Nice tip!
Thanks!
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
Sent: Wednesday, June 28, 2006 9:19 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Error establishing a VPN to the ISA
server
You'll still hit it. The router will be given the local IP just
like a lappy would, and you'll hit it via the NAT'd connection. Do it
all the time.
t
On 6/28/06 6:51 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
spoketh to all:
What if that broadband router has to interact with a log
on page?
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
<http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7> <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Glenn P. JOHNSTON
Sent: Tuesday, June 27, 2006 11:18 PM
To: isalist@xxxxxxxxxxxxx
Subject: RE: [isalist] Re: Error establishing a
VPN to the ISA server
Plan is, I am going to take;
1.
2. A linksys 4 port BB router, to plug in
between the hotels BB, and his notebook, which I think will do the
trick nicely.
3.
4.
5. A wireless broadband card, just in
case.
6.
7.
8. A second notebook with the companys SOE
on it, also just in case.
9.
10.
11. My Wife, it will be a nice little day or
two away for us.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of
Thor (Hammer of God)
Sent: Wed 28/Jun/2006 14:06
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Error establishing a VPN
to the ISA server
http://www.ISAserver.org
-------------------------------------------------------
You gonna add a new IP to the server, bring a
little NAT router, or both? ;)
t
On 6/27/06 9:00 PM, "Glenn P. JOHNSTON"
<glenn.johnston@xxxxxxxxxxx> spoketh
to all:
> I don't believe it.
>
> I've just been offered a return first class
plane ticket, a nights
> accomodation, 2 nights if need be, all
expenses + how ever many hours it takes
> at my normal hourly rate to go see the
director in person and fix this for him
> so he can get his e-mail !
>
> "Well I'll loose a whole day on this", "Fine,
then charge us for every hour
> your away, just get it fixed !"
>
>
>
> ________________________________
>
> From: isalist-bounce@xxxxxxxxxxxxx on behalf
of Thor (Hammer of God)
> Sent: Wed 28/Jun/2006 13:45
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Error establishing a
VPN to the ISA server
>
>
>
> http://www.ISAserver.org
>
-------------------------------------------------------
>
> OWA would be a great "backup" solution in the
rare case where the local
> Ethernet LAN is the same logical subnet as
their own offices, even if he
> couldn't sync. But, in your case of having a
jackass for a client, you're
> kind of stuck.
>
> An easier thing to do would be to get a
little Linksys NAT router to stick
> in between. Plug the hotel ethernet to the
"Internet" port, and plug the
> laptop into a "LAN" port. That way he'll get
a local 192.168.1 address and
> have no problems. Plus, there is no
configuration needed at all. The
> defaults will work just fine. Just plug it
in and go.
>
> t
>
>
> On 6/27/06 8:29 PM, "Glenn P. JOHNSTON"
<glenn.johnston@xxxxxxxxxxx> spoketh
> to all:
>
>> I'm told he refuses to use OWA as he can't
sync his mail with the OST on his
>> notebook. There is just no helping some
people, no matter how hard you try to
>> be helpful and solve their problem, they
just refuse all help on principle !
>>
>> Also they passed on to me, that in his
yelling and screaming his demanding to
>> know 'Why someone did not realise this would
happen, and get it fixed before
>> hand, so I can get my e-mail"
>>
>> I really feel sorry for the IT guy at the
site, his early 20's, finished a
>> development oriented IT degree last year, is
quite bright really, but is
>> still
>> just learning the finer points of the
winserver environment, supporting XP
>> etc, and it working toward his MCSE, having
passed the first 2 exams in the
>> last couple of months. He reports to this
Director, and from what I can see,
>> gets one hell of a serve from him as soon as
anything a little bit odd
>> occurs.
>>
>> I can't see a away around this, without the
Director having to do something
>> out of the ordinary, which apparently, is
just not an option, and have just
>> told them that.
>>
>> I've suggested the only possibly way, I can
see, is to go out and purchase a
>> wireless broadband card from someone local,
get it on the net, set up a
>> notebook with it and his e-mail, and get it
express couriered to him. He'd
>> have it early eveing or first thing in the
morning.
>>
>> There was a chocking sound on the other end
of the phone, "but then he'd have
>> to carry 2 notebooks back ! " and "What do I
do if he gets it and it does not
>> work ?" ..................................
>>
>> Find another job came to mind..
>>
>> ________________________________
>>
>> From: isalist-bounce@xxxxxxxxxxxxx on behalf
of Thor (Hammer of God)
>> Sent: Wed 28/Jun/2006 12:49
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: Error establishing a
VPN to the ISA server
>>
>>
>>
>> http://www.ISAserver.org
>>
-------------------------------------------------------
>>
>> Well, it would have worked other than the gw
on the hotel being the same as
>> the SBS box... Bad luck there. But, I've had
to do this several times for
>> the exact same scenario with my people.
Seems the Marriott and I thought
>> alike in our IP schemes ;)
>>
>> You could always just add another IP address
to the SBS box (well, you could
>> if it were a "regular" server install-- I
don't know what you'd have to go
>> through on SBS to do that.) That would
work, though.
>>
>> Not much we can do about a guy who wants to
scream more than get the job
>> done, though. I'd tell him that if he
wanted his email to STFU and do what
>> was needed. It's not like it is anyone's
"fault." There are other options
>> you have, but they would all require him
doing *something*.
>>
>> I'm assuming that OWA is not an option for
some reason?
>>
>> t
>>
>>
>> On 6/27/06 7:37 PM, "Glenn P. JOHNSTON"
<glenn.johnston@xxxxxxxxxxx> spoketh
>> to all:
>>
>>> The internal IP of the SBS server is
192.168.110.2, G/W on the hotel BB
>>> service is also 192.168.110.2 unfortunately
!
>>>
>>> I tried the static route on my home ADSL
service by changing the internal
>>> private IP to match the Hotel's to play
with, and everything else works, I
>>> can
>>> get to the internet and other clients
networks fine, but I can not get to
>>> anything on the remote network after the
tunnel is connected, of the client
>>> with the problem.
>>>
>>> Putting the static route in I doubt will
work anyway, the fellow will
>>> probably
>>> just yell and scream as soon as he is asked
to do anything remotely
>>> technical,
>>> expecting it to be magically fixed from
this end.
>>>
>>> ________________________________
>>>
>>> From: isalist-bounce@xxxxxxxxxxxxx on
behalf of Thor (Hammer of God)
>>> Sent: Wed 28/Jun/2006 12:27
>>> To: isalist@xxxxxxxxxxxxx
>>> Subject: [isalist] Re: Error establishing a
VPN to the ISA server
>>>
>>>
>>>
>>> http://www.ISAserver.org
>>>
-------------------------------------------------------
>>>
>>> All he has to do is set a static route for
the SBS box's IP to the gateway
>>> address of the VPN endpoint.
>>>
>>> IOW, if the SBS box is 192.168.110.101, and
his PPP VPN interface got
>>> assigned something like 192.168.110.11 from
the RRAS server (do an IP config
>>> to see what ip his PPP adapter is, or look
at the RRAS properties of the
>>> connection) then you would have him do a:
>>>
>>> ROUTE -p add 192.168.110.101 mask
255.255.255.255 192.168.110.11
>>>
>>> That way, when he attempts to access the
SBS server, the request will route
>>> down the VPN rather than broadcasting on
the "local" 192.168.110.x network.
>>>
>>> t
>>>
>>>
>>> On 6/27/06 7:13 PM, "Glenn P. JOHNSTON"
<glenn.johnston@xxxxxxxxxxx> spoketh
>>> to all:
>>>
>>>> http://www.ISAserver.org
>>>>
-------------------------------------------------------
>>>>
>>>> Hi,
>>>>
>>>> Maybe, maybe not directly and ISA
question, and I've posted this in an SBS
>>>> forum as well, but you people are pretty
bright & I thought you might have
>>>> some worth while input on this.
>>>>
>>>> One of my clients has an issue with VPN
tunnel. This has been inplace since
>>>> Sunday afternoon, but they only rang me
this morning.
>>>>
>>>> One of their directors is at a week long
conference, and the Hotel where he
>>>> is
>>>> staying, has provides an in room broadband
service.
>>>> The BroadBand in the hotel is using a
192.168.110.0/24 address range, the
>>>> internal address of the clients network at
the office is also a
>>>> 192.168.110.0/24 range.
>>>>
>>>> The VPN tunnel establishes fine, and the
VPN connector on his notebook get
>>>> an
>>>> address, of course, in the 192.168.110.100
to 192.168.110.199 range of the
>>>> DHCP server on the SBS server.
>>>>
>>>> Once the tunnel is established, he can
acess nothing on the SBS. This is to
>>>> be
>>>> expected as the address ranges are the
same, does anyone have any bright
>>>> idea's on how to get around this. The
Director is yelling and screaming
>>>> about
>>>> not being able to get his e-mail.
>>>>
>>>> Unfortunately he is out out direct reach
in another state, and has very
>>>> little
>>>> tolerance for such problems.
>>>>
>>>> Regards
>>>> Glenn
>>>>
------------------------------------------------------
>>>> List Archives:
//www.freelists.org/archives/isalist/
>>>> ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
>>>> ISA Server Articles and Tutorials:
>>>>
http://www.isaserver.org/articles_tutorials/
>>>> ISA Server Blogs:
http://blogs.isaserver.org/
>>>>
------------------------------------------------------
>>>> Visit TechGenix.com for more information
about our other sites:
>>>> http://www.techgenix.com
>>>>
------------------------------------------------------
>>>> To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>>>
>>>>
>>>>
>>>
>>>
>>>
------------------------------------------------------
>>> List Archives:
//www.freelists.org/archives/isalist/
>>> ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
>>> ISA Server Articles and Tutorials:
>>> http://www.isaserver.org/articles_tutorials/
>>> ISA Server Blogs:
http://blogs.isaserver.org/
>>>
------------------------------------------------------
>>> Visit TechGenix.com for more information
about our other sites:
>>> http://www.techgenix.com
>>>
------------------------------------------------------
>>> To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>>
>>>
>>>
>>
>>
>>
------------------------------------------------------
>> List Archives:
//www.freelists.org/archives/isalist/
>> ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
>> ISA Server Articles and Tutorials:
>> http://www.isaserver.org/articles_tutorials/
>> ISA Server Blogs:
http://blogs.isaserver.org/
>>
------------------------------------------------------
>> Visit TechGenix.com for more information
about our other sites:
>> http://www.techgenix.com
>>
------------------------------------------------------
>> To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
>> Report abuse to listadmin@xxxxxxxxxxxxx
>>
>>
>>
>
>
>
------------------------------------------------------
> List Archives:
//www.freelists.org/archives/isalist/
> ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
>
------------------------------------------------------
> Visit TechGenix.com for more information
about our other sites:
> http://www.techgenix.com
>
------------------------------------------------------
> To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives:
//www.freelists.org/archives/isalist/
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about
our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
