[isalist] Re: GRE routing - Internal<->internal
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Mon, 12 Jun 2006 11:53:54 -0700
Please copy the relevant log entries in your response; we can't solve this with
piece-at-a-time information.
You can also send me your ISAInfo and I can evaluate it against your stated
objectives...
________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of Crockett, Gregory
Sent: Mon 6/12/2006 5:48 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: GRE routing - Internal<->internal
http://www.ISAserver.org <http://www.isaserver.org/>
-------------------------------------------------------
Jim,
The state of the connection is "Failed Connection Attempt". The AP has
IPSec capability. Should I configure with IPSec, the connection is
allowed, and all is well. Does this not prove that routing exist
between the ap and wireless switch? The IPSec configuration cost about
$250 for each AP that connects using IPSec. GRE is a must.
TIA
greg
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Thursday, June 08, 2006 4:11 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: GRE routing - Internal<->internal
http://www.ISAserver.org <http://www.isaserver.org/>
-------------------------------------------------------
Does the switch have a route to the wireless device through ISA?
What else do the logs show besides "port 0" (there is no port for GRE)?
IOW, what is the state of the connection?
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org <http://isatools.org/>
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Crockett, Gregory
Sent: Thursday, June 08, 2006 13:54
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: GRE routing - Internal<->internal
http://www.ISAserver.org <http://www.isaserver.org/>
-------------------------------------------------------
Jim,
I created the custom protocol -- same results. The log does show the
protocol (47) being used -- sort of. The Source/Destinations Ports are
both 0.
On creating the protocol, "outbound" is not an option -- only "send" and
"send receive". I tried them both.
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Thursday, June 08, 2006 1:01 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: GRE routing - Internal<->internal
http://www.ISAserver.org <http://www.isaserver.org/>
-------------------------------------------------------
Create a custom "raw" protocol using IP protocol 47 outbound.
Use that protocol in the "allow" access rule from the device to the
switch.
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org <http://isatools.org/>
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Crockett, Gregory
Sent: Thursday, June 08, 2006 10:50
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: GRE routing - Internal<->internal
http://www.ISAserver.org <http://www.isaserver.org/>
-------------------------------------------------------
Yes, ISA is set as the default route on the AP.
TIA
greg
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Thursday, June 08, 2006 12:25 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: GRE routing - Internal<->internal
http://www.ISAserver.org <http://www.isaserver.org/>
-------------------------------------------------------
??
"on ISA"?
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org <http://isatools.org/>
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Crockett, Gregory
Sent: Thursday, June 08, 2006 10:11
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: GRE routing - Internal<->internal
http://www.ISAserver.org <http://www.isaserver.org/>
-------------------------------------------------------
Yes, on ISA as the default route.
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Thursday, June 08, 2006 12:07 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: GRE routing - Internal<->internal
http://www.ISAserver.org <http://www.isaserver.org/>
-------------------------------------------------------
GRE is not TCP:47, but IP:47.
Does the wireless device use ISA as the default route?
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org <http://isatools.org/>
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Crockett, Gregory
Sent: Thursday, June 08, 2006 09:57
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] GRE routing - Internal<->internal
Hello all,
I have a wireless device that needs to attach to a wireless switch, via
GRE, on a different subnet. Any ideas on how I can do this? I
created/allowed TCP 47 -- still no go.
TIA
greg
________________________________
Server Name Source Port Destination IP Destination Port
Protocol Action Rule Client IP Source Network
Destination Network Transport
ISA 1024 192.168.2.1 123 NTP (UDP) Initiated
Connection Wireless AP - Internal - Wireless 192.168.1.41
Internal Wireless UDP
ISA 0 192.168.2.1 0 Unidentified IP Traffic
Closed Connection Internal ->internal 192.168.1.41
Internal Wireless GRE
All mail to and from this domain is scrutinized by the Scrutinizer.
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com <http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is scrutinized by the Scrutinizer.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com <http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com <http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is scrutinized by the Scrutinizer.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com <http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com <http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is scrutinized by the Scrutinizer.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com <http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com <http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is scrutinized by the Scrutinizer.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com <http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
Other related posts:
