Re: ISA and VPN

• From: "Brad Benz" <bbenz@xxxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 27 Dec 2001 09:41:54 -0700

Yes, I did. The workaround was to create a set of rules allowing traffic to the 
port the "Starband Accelerator Tunnel" uses, which I don't recall off the top 
of my head. 

After the protocol definitions/rules are in place, have ISA chain all request 
to "localhost" and the port you defined above. 

This will let ISA run the show security-wise, and still run all traffic through 
Starbands "Accelerator" tunnel.

Sorry I can't be more detailed, but it was a while ago...

Brad

-----Original Message-----
From: Sheldon [mailto:swt@xxxxxxxxxxxxx]
Sent: Wednesday, December 26, 2001 10:44 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA and VPN


http://www.ISAserver.org


Hey Brad.  I'm messing around with Starband on my test network.  I had
their 180 unit connecting via ethernet to my ISA server and it actually
worked great for me.  Last week they shut down the 180 connection and I
had to change to their 360 unit on Monday (notice that they shutdown the
180 connection last week, but I didn't receive the 360 replacement unit
until this week!).  

So far, whenever I have ISA services running, it kills a port(s) that
Starband's software uses and shuts down my connection.  As long as ISA
is not installed or running on the server, I can use the Starband
connection with no problems (sharing it to my test network using NAT on
Routing & Remote).  I'd really like to get back to using ISA again, but
haven't taken the time to figure out what port is causing the problem.

Did you run into anything like that for your client?

Sheldon



-----Original Message-----
From: Brad Benz [mailto:bbenz@xxxxxxxxxxxxxxxxxxx] 
Sent: Tuesday, December 25, 2001 3:58 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA and VPN

http://www.ISAserver.org


You want the ISA server's default gateway to be the interface TO the
ISP, NOT at the other end of the VPN tunnel.


You can verify that this is happening by running a "route print" at a
command prompt before dialing the VPN connection, and again after. You
will notice the default route (0.0.0.0 mask 0.0.0.0) changes when the
VPN is connected. 

Clearing the checkbox as shown below will allow you to have full
connection to the VPN, and route all non-local and non-VPN traffic out
to the satellite link. The ISA server's routing table will be updated
with routes available via VPN, but still route all non-local traffic out
it's external interface

I'm running this exact setup at a client using "Startband" satellite ISP
from Dish Networks. 


Try it, You'll see..

Brad Benz
MCSE(2K), CCNA, CCDA, CIPT
Voice/Data Integration Engineer
inTouch Solutions
Boise, ID 83708
208.947.6786
bbenz@xxxxxxxxxxxxxxxxxxx

-----Original Message-----
From: Bogdan Florin [mailto:florinb@xxxxxxxxxxx]
Sent: Tuesday, December 25, 2001 12:23 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA and VPN


http://www.ISAserver.org


Of course it is using the default gateway because this is the way of 
having Internet traffic trought Satellite Provider !

If I establish the VPN "WITHOUT USING the default gateway from the
remote 
network" than I will do traffic on usual LINE but having a VPN LINK 
ESTABLISHED without ANY REASON.

Than strange thing it is that AFTER VPN established, (of course the 
default gateway are changed) ISA dosesent work for FTP download. ANY FTP

sites when accesed reply with this message:

ISA Server: extended error message :
200 Type set to A.
502 Illegal PORT Command

Or .. I get : Timed out !

All this on Client computers.

Bogdan


-----Original Message-----
From: "Brad Benz" <bbenz@xxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Date: Tue, 25 Dec 2001 08:28:08 -0700
Subject: [isalist] Re: ISA and VPN

> http://www.ISAserver.org
> 
> 
> Your VPN connection is using the default gateway of the network you
are
> dialing in to. To fix:
> 
> Open the Properties for your VPN connection
> Click the "Networking" tab
> Select "Internet Protocol-TCP/IP", then click the "Properties" button
> Click the "Advanced" Button
> On the "General" tab, clear the "Use default gateway on remote
network"
> checkbox
> 
> Brad Benz
> MCSE(2K), CCNA, CCDA, CIPT
> Voice/Data Integration Engineer
> inTouch Solutions
> Boise, ID 83708
> 208.947.6786
> bbenz@xxxxxxxxxxxxxxxxxxx
> 
> -----Original Message-----
> From: Bogdan Florin [mailto:florinb@xxxxxxxxxxx]
> Sent: Tuesday, December 25, 2001 4:08 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: ISA and VPN
> 
> 
> http://www.ISAserver.org
> 
> 
> Out ISA server it have a Satellite Dish installed and a DVB card.
> I use a VPN to stablish the link betwen ISA and Satellite Internet 
> Provider. After stablish the VPN with RRAS I got new DEFAULT GATEWAY
on
> that machine and UNABLE TO ACCES ANY FTP Sites.
> 
> I will red your advices.
> 
> Please advice more.
> 
> Thank you.
> Bogdan
> 
> -----Original Message-----
> From: "Mark Strangways" <strangconst@xxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Date: Mon, 24 Dec 2001 08:52:09 -0500
> Subject: [isalist] Re: ISA and VPN
> 
> > http://www.ISAserver.org
> > 
> > 
> > Are you using the VPN connection for internet access ?
> > There is some info about certain requirements to use the internet
> thru
> > a VPN
> > connection, I believe these are in the "Learning Zone" of ISA
server.
> > You might take a look atthe doc's there, and try Microsoft's support
> > web
> > site as well.
> > 
> > Regards,
> > Mark
> > ----- Original Message -----
> > From: "Bogdan Florin" <florinb@xxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Monday, December 24, 2001 7:30 AM
> > Subject: [isalist] ISA and VPN
> > 
> > 
> > > http://www.ISAserver.org
> > >
> > >
> > > I have a ISA server. Works perfectly as WEB and FTP proxy.
> > > After I establish a VPN to a satellite Internet provider I'm uable
> to
> > > acces any FTP site.
> > >
> > > Anyone have som ideea ? I fight with this from long time.
> > >
> > > Bogdan
> > >
> > >
> > >
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List
> > as:
> > strangconst@xxxxxxxxxx
> > > To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> > >
> > 
> > 
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
> as:
> > florinb@xxxxxxxxxxx
> > To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> 
> 
> 
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> bbenz@xxxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
> 
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> florinb@xxxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bbenz@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
swt@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
bbenz@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » ISA and VPN
• » Re: ISA and VPN
• » Re: ISA and VPN
• » Re: ISA and VPN
• » Re: ISA and VPN
• » Re: ISA and VPN
• » Re: ISA and VPN
• » Re: ISA and VPN
• » Re: ISA and VPN

1. Home
2. isalist
3. Archive
4. 12-2001

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---