Nice tip! Thanks! Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Wednesday, June 28, 2006 9:19 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Error establishing a VPN to the ISA server You'll still hit it. The router will be given the local IP just like a lappy would, and you'll hit it via the NAT'd connection. Do it all the time. t On 6/28/06 6:51 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to all: What if that broadband router has to interact with a log on page? Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> <http://www.isaserver.org/> Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Glenn P. JOHNSTON Sent: Tuesday, June 27, 2006 11:18 PM To: isalist@xxxxxxxxxxxxx Subject: RE: [isalist] Re: Error establishing a VPN to the ISA server Plan is, I am going to take; 1. 2. A linksys 4 port BB router, to plug in between the hotels BB, and his notebook, which I think will do the trick nicely. 3. 4. 5. A wireless broadband card, just in case. 6. 7. 8. A second notebook with the companys SOE on it, also just in case. 9. 10. 11. My Wife, it will be a nice little day or two away for us. ________________________________ From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer of God) Sent: Wed 28/Jun/2006 14:06 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Error establishing a VPN to the ISA server http://www.ISAserver.org ------------------------------------------------------- You gonna add a new IP to the server, bring a little NAT router, or both? ;) t On 6/27/06 9:00 PM, "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx> spoketh to all: > I don't believe it. > > I've just been offered a return first class plane ticket, a nights > accomodation, 2 nights if need be, all expenses + how ever many hours it takes > at my normal hourly rate to go see the director in person and fix this for him > so he can get his e-mail ! > > "Well I'll loose a whole day on this", "Fine, then charge us for every hour > your away, just get it fixed !" > > > > ________________________________ > > From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer of God) > Sent: Wed 28/Jun/2006 13:45 > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Error establishing a VPN to the ISA server > > > > http://www.ISAserver.org > ------------------------------------------------------- > > OWA would be a great "backup" solution in the rare case where the local > Ethernet LAN is the same logical subnet as their own offices, even if he > couldn't sync. But, in your case of having a jackass for a client, you're > kind of stuck. > > An easier thing to do would be to get a little Linksys NAT router to stick > in between. Plug the hotel ethernet to the "Internet" port, and plug the > laptop into a "LAN" port. That way he'll get a local 192.168.1 address and > have no problems. Plus, there is no configuration needed at all. The > defaults will work just fine. Just plug it in and go. > > t > > > On 6/27/06 8:29 PM, "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx> spoketh > to all: > >> I'm told he refuses to use OWA as he can't sync his mail with the OST on his >> notebook. There is just no helping some people, no matter how hard you try to >> be helpful and solve their problem, they just refuse all help on principle ! >> >> Also they passed on to me, that in his yelling and screaming his demanding to >> know 'Why someone did not realise this would happen, and get it fixed before >> hand, so I can get my e-mail" >> >> I really feel sorry for the IT guy at the site, his early 20's, finished a >> development oriented IT degree last year, is quite bright really, but is >> still >> just learning the finer points of the winserver environment, supporting XP >> etc, and it working toward his MCSE, having passed the first 2 exams in the >> last couple of months. He reports to this Director, and from what I can see, >> gets one hell of a serve from him as soon as anything a little bit odd >> occurs. >> >> I can't see a away around this, without the Director having to do something >> out of the ordinary, which apparently, is just not an option, and have just >> told them that. >> >> I've suggested the only possibly way, I can see, is to go out and purchase a >> wireless broadband card from someone local, get it on the net, set up a >> notebook with it and his e-mail, and get it express couriered to him. He'd >> have it early eveing or first thing in the morning. >> >> There was a chocking sound on the other end of the phone, "but then he'd have >> to carry 2 notebooks back ! " and "What do I do if he gets it and it does not >> work ?" .................................. >> >> Find another job came to mind.. >> >> ________________________________ >> >> From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer of God) >> Sent: Wed 28/Jun/2006 12:49 >> To: isalist@xxxxxxxxxxxxx >> Subject: [isalist] Re: Error establishing a VPN to the ISA server >> >> >> >> http://www.ISAserver.org >> ------------------------------------------------------- >> >> Well, it would have worked other than the gw on the hotel being the same as >> the SBS box... Bad luck there. But, I've had to do this several times for >> the exact same scenario with my people. Seems the Marriott and I thought >> alike in our IP schemes ;) >> >> You could always just add another IP address to the SBS box (well, you could >> if it were a "regular" server install-- I don't know what you'd have to go >> through on SBS to do that.) That would work, though. >> >> Not much we can do about a guy who wants to scream more than get the job >> done, though. I'd tell him that if he wanted his email to STFU and do what >> was needed. It's not like it is anyone's "fault." There are other options >> you have, but they would all require him doing *something*. >> >> I'm assuming that OWA is not an option for some reason? >> >> t >> >> >> On 6/27/06 7:37 PM, "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx> spoketh >> to all: >> >>> The internal IP of the SBS server is 192.168.110.2, G/W on the hotel BB >>> service is also 192.168.110.2 unfortunately ! >>> >>> I tried the static route on my home ADSL service by changing the internal >>> private IP to match the Hotel's to play with, and everything else works, I >>> can >>> get to the internet and other clients networks fine, but I can not get to >>> anything on the remote network after the tunnel is connected, of the client >>> with the problem. >>> >>> Putting the static route in I doubt will work anyway, the fellow will >>> probably >>> just yell and scream as soon as he is asked to do anything remotely >>> technical, >>> expecting it to be magically fixed from this end. >>> >>> ________________________________ >>> >>> From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer of God) >>> Sent: Wed 28/Jun/2006 12:27 >>> To: isalist@xxxxxxxxxxxxx >>> Subject: [isalist] Re: Error establishing a VPN to the ISA server >>> >>> >>> >>> http://www.ISAserver.org >>> ------------------------------------------------------- >>> >>> All he has to do is set a static route for the SBS box's IP to the gateway >>> address of the VPN endpoint. >>> >>> IOW, if the SBS box is 192.168.110.101, and his PPP VPN interface got >>> assigned something like 192.168.110.11 from the RRAS server (do an IP config >>> to see what ip his PPP adapter is, or look at the RRAS properties of the >>> connection) then you would have him do a: >>> >>> ROUTE -p add 192.168.110.101 mask 255.255.255.255 192.168.110.11 >>> >>> That way, when he attempts to access the SBS server, the request will route >>> down the VPN rather than broadcasting on the "local" 192.168.110.x network. >>> >>> t >>> >>> >>> On 6/27/06 7:13 PM, "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx> spoketh >>> to all: >>> >>>> http://www.ISAserver.org >>>> ------------------------------------------------------- >>>> >>>> Hi, >>>> >>>> Maybe, maybe not directly and ISA question, and I've posted this in an SBS >>>> forum as well, but you people are pretty bright & I thought you might have >>>> some worth while input on this. >>>> >>>> One of my clients has an issue with VPN tunnel. This has been inplace since >>>> Sunday afternoon, but they only rang me this morning. >>>> >>>> One of their directors is at a week long conference, and the Hotel where he >>>> is >>>> staying, has provides an in room broadband service. >>>> The BroadBand in the hotel is using a 192.168.110.0/24 address range, the >>>> internal address of the clients network at the office is also a >>>> 192.168.110.0/24 range. >>>> >>>> The VPN tunnel establishes fine, and the VPN connector on his notebook get >>>> an >>>> address, of course, in the 192.168.110.100 to 192.168.110.199 range of the >>>> DHCP server on the SBS server. >>>> >>>> Once the tunnel is established, he can acess nothing on the SBS. This is to >>>> be >>>> expected as the address ranges are the same, does anyone have any bright >>>> idea's on how to get around this. The Director is yelling and screaming >>>> about >>>> not being able to get his e-mail. >>>> >>>> Unfortunately he is out out direct reach in another state, and has very >>>> little >>>> tolerance for such problems. >>>> >>>> Regards >>>> Glenn >>>> ------------------------------------------------------ >>>> List Archives: //www.freelists.org/archives/isalist/ >>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >>>> ISA Server Articles and Tutorials: >>>> http://www.isaserver.org/articles_tutorials/ >>>> ISA Server Blogs: http://blogs.isaserver.org/ >>>> ------------------------------------------------------ >>>> Visit TechGenix.com for more information about our other sites: >>>> http://www.techgenix.com >>>> ------------------------------------------------------ >>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp >>>> Report abuse to listadmin@xxxxxxxxxxxxx >>>> >>>> >>>> >>> >>> >>> ------------------------------------------------------ >>> List Archives: //www.freelists.org/archives/isalist/ >>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >>> ISA Server Articles and Tutorials: >>> http://www.isaserver.org/articles_tutorials/ >>> ISA Server Blogs: http://blogs.isaserver.org/ >>> ------------------------------------------------------ >>> Visit TechGenix.com for more information about our other sites: >>> http://www.techgenix.com >>> ------------------------------------------------------ >>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp >>> Report abuse to listadmin@xxxxxxxxxxxxx >>> >>> >>> >> >> >> ------------------------------------------------------ >> List Archives: //www.freelists.org/archives/isalist/ >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >> ISA Server Articles and Tutorials: >> http://www.isaserver.org/articles_tutorials/ >> ISA Server Blogs: http://blogs.isaserver.org/ >> ------------------------------------------------------ >> Visit TechGenix.com for more information about our other sites: >> http://www.techgenix.com >> ------------------------------------------------------ >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp >> Report abuse to listadmin@xxxxxxxxxxxxx >> >> >> > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx