[isalist] Re: Error establishing a VPN to the ISA server
- From: "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Thu, 29 Jun 2006 06:46:44 +1000
Both the new and old address were in the range configured on the ISA as
INTERNAL.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thomas W Shinder
Sent: Wednesday, 28 June 2006 23:51
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Error establishing a VPN to the ISA server
Did you add that address network ID to the definition of the ISA
firewall's default Internal Network?
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Glenn P. JOHNSTON
Sent: Tuesday, June 27, 2006 11:06 PM
To: isalist@xxxxxxxxxxxxx
Subject: RE: [isalist] Re: Error establishing a VPN to the ISA
server
I've just tried adding second IP to the internal adaptor on my
play SBS server, and now I can't access it from the internal LAN It's no
longer responding on it's original address, only on the new 'second'
address, which is in the same /24 subnet
Anyone got some good oil on whether this is an expected SBS
characteristic ?
________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer of
God)
Sent: Wed 28/Jun/2006 12:49
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Error establishing a VPN to the ISA
server
http://www.ISAserver.org
-------------------------------------------------------
Well, it would have worked other than the gw on the hotel being
the same as
the SBS box... Bad luck there. But, I've had to do this several
times for
the exact same scenario with my people. Seems the Marriott and
I thought
alike in our IP schemes ;)
You could always just add another IP address to the SBS box
(well, you could
if it were a "regular" server install-- I don't know what you'd
have to go
through on SBS to do that.) That would work, though.
Not much we can do about a guy who wants to scream more than get
the job
done, though. I'd tell him that if he wanted his email to STFU
and do what
was needed. It's not like it is anyone's "fault." There are
other options
you have, but they would all require him doing *something*.
I'm assuming that OWA is not an option for some reason?
t
On 6/27/06 7:37 PM, "Glenn P. JOHNSTON"
<glenn.johnston@xxxxxxxxxxx> spoketh
to all:
> The internal IP of the SBS server is 192.168.110.2, G/W on the
hotel BB
> service is also 192.168.110.2 unfortunately !
>
> I tried the static route on my home ADSL service by changing
the internal
> private IP to match the Hotel's to play with, and everything
else works, I can
> get to the internet and other clients networks fine, but I can
not get to
> anything on the remote network after the tunnel is connected,
of the client
> with the problem.
>
> Putting the static route in I doubt will work anyway, the
fellow will probably
> just yell and scream as soon as he is asked to do anything
remotely technical,
> expecting it to be magically fixed from this end.
>
> ________________________________
>
> From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer
of God)
> Sent: Wed 28/Jun/2006 12:27
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Error establishing a VPN to the ISA
server
>
>
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> All he has to do is set a static route for the SBS box's IP to
the gateway
> address of the VPN endpoint.
>
> IOW, if the SBS box is 192.168.110.101, and his PPP VPN
interface got
> assigned something like 192.168.110.11 from the RRAS server
(do an IP config
> to see what ip his PPP adapter is, or look at the RRAS
properties of the
> connection) then you would have him do a:
>
> ROUTE -p add 192.168.110.101 mask 255.255.255.255
192.168.110.11
>
> That way, when he attempts to access the SBS server, the
request will route
> down the VPN rather than broadcasting on the "local"
192.168.110.x network.
>
> t
>
>
> On 6/27/06 7:13 PM, "Glenn P. JOHNSTON"
<glenn.johnston@xxxxxxxxxxx> spoketh
> to all:
>
>> http://www.ISAserver.org
>> -------------------------------------------------------
>>
>> Hi,
>>
>> Maybe, maybe not directly and ISA question, and I've posted
this in an SBS
>> forum as well, but you people are pretty bright & I thought
you might have
>> some worth while input on this.
>>
>> One of my clients has an issue with VPN tunnel. This has been
inplace since
>> Sunday afternoon, but they only rang me this morning.
>>
>> One of their directors is at a week long conference, and the
Hotel where he
>> is
>> staying, has provides an in room broadband service.
>> The BroadBand in the hotel is using a 192.168.110.0/24
address range, the
>> internal address of the clients network at the office is also
a
>> 192.168.110.0/24 range.
>>
>> The VPN tunnel establishes fine, and the VPN connector on
his notebook get
>> an
>> address, of course, in the 192.168.110.100 to 192.168.110.199
range of the
>> DHCP server on the SBS server.
>>
>> Once the tunnel is established, he can acess nothing on the
SBS. This is to
>> be
>> expected as the address ranges are the same, does anyone have
any bright
>> idea's on how to get around this. The Director is yelling and
screaming about
>> not being able to get his e-mail.
>>
>> Unfortunately he is out out direct reach in another state,
and has very
>> little
>> tolerance for such problems.
>>
>> Regards
>> Glenn
>> ------------------------------------------------------
>> List Archives: //www.freelists.org/archives/isalist/
>> ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
>> ISA Server Articles and Tutorials:
>> http://www.isaserver.org/articles_tutorials/
>> ISA Server Blogs: http://blogs.isaserver.org/
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other
sites:
>> http://www.techgenix.com
>> ------------------------------------------------------
>> To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
>> Report abuse to listadmin@xxxxxxxxxxxxx
>>
>>
>>
>
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other
sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
