Re: ISA and VPN

• From: "Brad Benz" <bbenz@xxxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 25 Dec 2001 13:58:19 -0700

You want the ISA server's default gateway to be the interface TO the ISP, NOT 
at the other end of the VPN tunnel.


You can verify that this is happening by running a "route print" at a command 
prompt before dialing the VPN connection, and again after. You will notice the 
default route (0.0.0.0 mask 0.0.0.0) changes when the VPN is connected. 

Clearing the checkbox as shown below will allow you to have full connection to 
the VPN, and route all non-local and non-VPN traffic out to the satellite link. 
The ISA server's routing table will be updated with routes available via VPN, 
but still route all non-local traffic out it's external interface

I'm running this exact setup at a client using "Startband" satellite ISP from 
Dish Networks. 


Try it, You'll see..

Brad Benz
MCSE(2K), CCNA, CCDA, CIPT
Voice/Data Integration Engineer
inTouch Solutions
Boise, ID 83708
208.947.6786
bbenz@xxxxxxxxxxxxxxxxxxx

-----Original Message-----
From: Bogdan Florin [mailto:florinb@xxxxxxxxxxx]
Sent: Tuesday, December 25, 2001 12:23 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA and VPN


http://www.ISAserver.org


Of course it is using the default gateway because this is the way of 
having Internet traffic trought Satellite Provider !

If I establish the VPN "WITHOUT USING the default gateway from the remote 
network" than I will do traffic on usual LINE but having a VPN LINK 
ESTABLISHED without ANY REASON.

Than strange thing it is that AFTER VPN established, (of course the 
default gateway are changed) ISA dosesent work for FTP download. ANY FTP 
sites when accesed reply with this message:

ISA Server: extended error message :
200 Type set to A.
502 Illegal PORT Command

Or .. I get : Timed out !

All this on Client computers.

Bogdan


-----Original Message-----
From: "Brad Benz" <bbenz@xxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Date: Tue, 25 Dec 2001 08:28:08 -0700
Subject: [isalist] Re: ISA and VPN

> http://www.ISAserver.org
> 
> 
> Your VPN connection is using the default gateway of the network you are
> dialing in to. To fix:
> 
> Open the Properties for your VPN connection
> Click the "Networking" tab
> Select "Internet Protocol-TCP/IP", then click the "Properties" button
> Click the "Advanced" Button
> On the "General" tab, clear the "Use default gateway on remote network"
> checkbox
> 
> Brad Benz
> MCSE(2K), CCNA, CCDA, CIPT
> Voice/Data Integration Engineer
> inTouch Solutions
> Boise, ID 83708
> 208.947.6786
> bbenz@xxxxxxxxxxxxxxxxxxx
> 
> -----Original Message-----
> From: Bogdan Florin [mailto:florinb@xxxxxxxxxxx]
> Sent: Tuesday, December 25, 2001 4:08 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: ISA and VPN
> 
> 
> http://www.ISAserver.org
> 
> 
> Out ISA server it have a Satellite Dish installed and a DVB card.
> I use a VPN to stablish the link betwen ISA and Satellite Internet 
> Provider. After stablish the VPN with RRAS I got new DEFAULT GATEWAY on
> that machine and UNABLE TO ACCES ANY FTP Sites.
> 
> I will red your advices.
> 
> Please advice more.
> 
> Thank you.
> Bogdan
> 
> -----Original Message-----
> From: "Mark Strangways" <strangconst@xxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Date: Mon, 24 Dec 2001 08:52:09 -0500
> Subject: [isalist] Re: ISA and VPN
> 
> > http://www.ISAserver.org
> > 
> > 
> > Are you using the VPN connection for internet access ?
> > There is some info about certain requirements to use the internet
> thru
> > a VPN
> > connection, I believe these are in the "Learning Zone" of ISA server.
> > You might take a look atthe doc's there, and try Microsoft's support
> > web
> > site as well.
> > 
> > Regards,
> > Mark
> > ----- Original Message -----
> > From: "Bogdan Florin" <florinb@xxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Monday, December 24, 2001 7:30 AM
> > Subject: [isalist] ISA and VPN
> > 
> > 
> > > http://www.ISAserver.org
> > >
> > >
> > > I have a ISA server. Works perfectly as WEB and FTP proxy.
> > > After I establish a VPN to a satellite Internet provider I'm uable
> to
> > > acces any FTP site.
> > >
> > > Anyone have som ideea ? I fight with this from long time.
> > >
> > > Bogdan
> > >
> > >
> > >
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List
> > as:
> > strangconst@xxxxxxxxxx
> > > To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> > >
> > 
> > 
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
> as:
> > florinb@xxxxxxxxxxx
> > To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> 
> 
> 
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> bbenz@xxxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
> 
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> florinb@xxxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
bbenz@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » ISA and VPN
• » Re: ISA and VPN
• » Re: ISA and VPN
• » Re: ISA and VPN
• » Re: ISA and VPN
• » Re: ISA and VPN
• » Re: ISA and VPN
• » Re: ISA and VPN
• » Re: ISA and VPN

1. Home
2. isalist
3. Archive
4. 12-2001

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---