The test machine is an Aruba thin AP. The closes variable of a computer name is a location code - it is unique. Just is case, I changed the code - same result. No, the test machine is not connected to both networks simultaneously - it is connected to a Static VLAN port on a Cisco 2950. Now, the wireless switch port is trunked with 802.1q. It, too, is connected to the same Cisco. ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Monday, June 12, 2006 4:59 PM To: isalist@xxxxxxxxxxxxx Subject: RE: [isalist] Re: GRE routing - Internal<->internal That Failure code resolves to: "You were not connected because a duplicate name exists on the network. Go to System in Control Panel to change the computer name and try again.". This test machine isn't connected to both networks simultaneously, is it? ________________________________ From: isalist-bounce@xxxxxxxxxxxxx on behalf of Crockett, Gregory Sent: Mon 6/12/2006 12:48 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: GRE routing - Internal<->internal Jim, Thanx Here the log. I will send the ISAInfo directly to you. TIA Greg Server Name Log Record Type Log Time Result Code Source Port Destination IP Destination Port Protocol Action Rule Client IP Source Network Destination Network Transport ROXY Firewall 2:16:27 PM 0x80074e20 1025 192.168.252.2 514 514 udp Closed Connection Wireless AP - Internal - Wireless 192.168.113.41 Internal Wireless UDP ROXY Firewall 2:16:27 PM 0x80074e20 8211 192.168.252.2 8211 8211 Closed Connection Wireless AP - Internal - Wireless 192.168.113.41 Internal Wireless UDP ROXY Firewall 2:16:30 PM 0x80074e20 0 192.168.252.2 0 GRE - IP:47 Closed Connection Wireless AP - Internal - Wireless 192.168.113.41 Internal Wireless GRE ROXY Firewall 2:16:45 PM 0x0 1024 192.168.252.2 123 NTP (UDP) Initiated Connection Wireless AP - Internal - Wireless 192.168.113.41 Internal Wireless UDP ROXY Firewall 2:16:47 PM 0x0 1025 192.168.252.2 514 514 udp Initiated Connection Wireless AP - Internal - Wireless 192.168.113.41 Internal Wireless UDP ROXY Firewall 2:16:47 PM 0x0 8211 192.168.252.2 8211 8211 Initiated Connection Wireless AP - Internal - Wireless 192.168.113.41 Internal Wireless UDP ROXY Firewall 2:16:49 PM 0x0 0 192.168.252.2 0 GRE - IP:47 Initiated Connection Wireless AP - Internal - Wireless 192.168.113.41 Internal Wireless GRE ROXY Firewall 2:16:49 PM 0x80070034 0 192.168.252.2 0 GRE - IP:47 Failed Connection Attempt Wireless AP - Internal - Wireless 192.168.113.41 Internal Wireless GRE ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Monday, June 12, 2006 1:54 PM To: isalist@xxxxxxxxxxxxx Subject: RE: [isalist] Re: GRE routing - Internal<->internal Please copy the relevant log entries in your response; we can't solve this with piece-at-a-time information. You can also send me your ISAInfo and I can evaluate it against your stated objectives... ________________________________ From: isalist-bounce@xxxxxxxxxxxxx on behalf of Crockett, Gregory Sent: Mon 6/12/2006 5:48 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: GRE routing - Internal<->internal http://www.ISAserver.org <http://www.isaserver.org/> ------------------------------------------------------- Jim, The state of the connection is "Failed Connection Attempt". The AP has IPSec capability. Should I configure with IPSec, the connection is allowed, and all is well. Does this not prove that routing exist between the ap and wireless switch? The IPSec configuration cost about $250 for each AP that connects using IPSec. GRE is a must. TIA greg -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Thursday, June 08, 2006 4:11 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: GRE routing - Internal<->internal http://www.ISAserver.org <http://www.isaserver.org/> ------------------------------------------------------- Does the switch have a route to the wireless device through ISA? What else do the logs show besides "port 0" (there is no port for GRE)? IOW, what is the state of the connection? ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org <http://isatools.org/> Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Crockett, Gregory Sent: Thursday, June 08, 2006 13:54 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: GRE routing - Internal<->internal http://www.ISAserver.org <http://www.isaserver.org/> ------------------------------------------------------- Jim, I created the custom protocol -- same results. The log does show the protocol (47) being used -- sort of. The Source/Destinations Ports are both 0. On creating the protocol, "outbound" is not an option -- only "send" and "send receive". I tried them both. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Thursday, June 08, 2006 1:01 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: GRE routing - Internal<->internal http://www.ISAserver.org <http://www.isaserver.org/> ------------------------------------------------------- Create a custom "raw" protocol using IP protocol 47 outbound. Use that protocol in the "allow" access rule from the device to the switch. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org <http://isatools.org/> Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Crockett, Gregory Sent: Thursday, June 08, 2006 10:50 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: GRE routing - Internal<->internal http://www.ISAserver.org <http://www.isaserver.org/> ------------------------------------------------------- Yes, ISA is set as the default route on the AP. TIA greg -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Thursday, June 08, 2006 12:25 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: GRE routing - Internal<->internal http://www.ISAserver.org <http://www.isaserver.org/> ------------------------------------------------------- ?? "on ISA"? ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org <http://isatools.org/> Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Crockett, Gregory Sent: Thursday, June 08, 2006 10:11 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: GRE routing - Internal<->internal http://www.ISAserver.org <http://www.isaserver.org/> ------------------------------------------------------- Yes, on ISA as the default route. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Thursday, June 08, 2006 12:07 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: GRE routing - Internal<->internal http://www.ISAserver.org <http://www.isaserver.org/> ------------------------------------------------------- GRE is not TCP:47, but IP:47. Does the wireless device use ISA as the default route? ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org <http://isatools.org/> Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Crockett, Gregory Sent: Thursday, June 08, 2006 09:57 To: isalist@xxxxxxxxxxxxx Subject: [isalist] GRE routing - Internal<->internal Hello all, I have a wireless device that needs to attach to a wireless switch, via GRE, on a different subnet. Any ideas on how I can do this? I created/allowed TCP 47 -- still no go. TIA greg ________________________________ Server Name Source Port Destination IP Destination Port Protocol Action Rule Client IP Source Network Destination Network Transport ISA 1024 192.168.2.1 123 NTP (UDP) Initiated Connection Wireless AP - Internal - Wireless 192.168.1.41 Internal Wireless UDP ISA 0 192.168.2.1 0 Unidentified IP Traffic Closed Connection Internal ->internal 192.168.1.41 Internal Wireless GRE All mail to and from this domain is scrutinized by the Scrutinizer. All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is scrutinized by the Scrutinizer. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is scrutinized by the Scrutinizer. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is scrutinized by the Scrutinizer. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is scrutinized by the Scrutinizer. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is scrutinized by the Scrutinizer. All mail to and from this domain is scrutinized by the Scrutinizer.