Please copy the relevant log entries in your response; we can't solve this with piece-at-a-time information. You can also send me your ISAInfo and I can evaluate it against your stated objectives... ________________________________ From: isalist-bounce@xxxxxxxxxxxxx on behalf of Crockett, Gregory Sent: Mon 6/12/2006 5:48 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: GRE routing - Internal<->internal http://www.ISAserver.org <http://www.isaserver.org/> ------------------------------------------------------- Jim, The state of the connection is "Failed Connection Attempt". The AP has IPSec capability. Should I configure with IPSec, the connection is allowed, and all is well. Does this not prove that routing exist between the ap and wireless switch? The IPSec configuration cost about $250 for each AP that connects using IPSec. GRE is a must. TIA greg -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Thursday, June 08, 2006 4:11 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: GRE routing - Internal<->internal http://www.ISAserver.org <http://www.isaserver.org/> ------------------------------------------------------- Does the switch have a route to the wireless device through ISA? What else do the logs show besides "port 0" (there is no port for GRE)? IOW, what is the state of the connection? ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org <http://isatools.org/> Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Crockett, Gregory Sent: Thursday, June 08, 2006 13:54 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: GRE routing - Internal<->internal http://www.ISAserver.org <http://www.isaserver.org/> ------------------------------------------------------- Jim, I created the custom protocol -- same results. The log does show the protocol (47) being used -- sort of. The Source/Destinations Ports are both 0. On creating the protocol, "outbound" is not an option -- only "send" and "send receive". I tried them both. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Thursday, June 08, 2006 1:01 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: GRE routing - Internal<->internal http://www.ISAserver.org <http://www.isaserver.org/> ------------------------------------------------------- Create a custom "raw" protocol using IP protocol 47 outbound. Use that protocol in the "allow" access rule from the device to the switch. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org <http://isatools.org/> Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Crockett, Gregory Sent: Thursday, June 08, 2006 10:50 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: GRE routing - Internal<->internal http://www.ISAserver.org <http://www.isaserver.org/> ------------------------------------------------------- Yes, ISA is set as the default route on the AP. TIA greg -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Thursday, June 08, 2006 12:25 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: GRE routing - Internal<->internal http://www.ISAserver.org <http://www.isaserver.org/> ------------------------------------------------------- ?? "on ISA"? ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org <http://isatools.org/> Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Crockett, Gregory Sent: Thursday, June 08, 2006 10:11 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: GRE routing - Internal<->internal http://www.ISAserver.org <http://www.isaserver.org/> ------------------------------------------------------- Yes, on ISA as the default route. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Thursday, June 08, 2006 12:07 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: GRE routing - Internal<->internal http://www.ISAserver.org <http://www.isaserver.org/> ------------------------------------------------------- GRE is not TCP:47, but IP:47. Does the wireless device use ISA as the default route? ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org <http://isatools.org/> Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Crockett, Gregory Sent: Thursday, June 08, 2006 09:57 To: isalist@xxxxxxxxxxxxx Subject: [isalist] GRE routing - Internal<->internal Hello all, I have a wireless device that needs to attach to a wireless switch, via GRE, on a different subnet. Any ideas on how I can do this? I created/allowed TCP 47 -- still no go. TIA greg ________________________________ Server Name Source Port Destination IP Destination Port Protocol Action Rule Client IP Source Network Destination Network Transport ISA 1024 192.168.2.1 123 NTP (UDP) Initiated Connection Wireless AP - Internal - Wireless 192.168.1.41 Internal Wireless UDP ISA 0 192.168.2.1 0 Unidentified IP Traffic Closed Connection Internal ->internal 192.168.1.41 Internal Wireless GRE All mail to and from this domain is scrutinized by the Scrutinizer. All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is scrutinized by the Scrutinizer. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is scrutinized by the Scrutinizer. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is scrutinized by the Scrutinizer. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is scrutinized by the Scrutinizer. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.