ISA-to-ISA VPN

  • From: "Friese, Casey" <cfriese@xxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 7 Feb 2003 09:54:30 -0500

Greetings,

Setup:

Remote Office:
ISA acting as Firewall/Caching server - standalone
2 NICS
North=64.18.xxx.xxx
South=10.116.1.1
VPN Endpoint is ISA in Corporate Office
Clients behind ISA receive DHCP addresses from the ISA itself.
VPN connection from the Corporate Office receives DHCP address from this
ISA

Corporate Office:
ISA acting as Firewall/Caching server - member of domain
3 NICS
North=65.168.xx.xx
South=10.128.3.4
DMZ=10.114.1.1
ISA services client VPN connections & Site-to-Site with 1 remote office
Clients and remote office receive IP addresses from DHCP server behind
ISA

Problem:

Every day for the past 2 weeks I have been noticing a 100% packet loss
between 4pm and 4:30pm.
During this loss both sites can still access the internet, use e-mail
through POP and can ping each other's IP that is used as the endpoint,
but I can't communicate through the tunnel.

I initially blamed this on the crappy DSL connection of the remote office
but because the users in that office can do everything on the internet
during the interruption - I have recanted that blame.

Now, I believe this has something to do with a DHCP issue.  Even though
the DHCP configuration on each side is not set to expire for 8 days, I
believe the IPs used for the tunnel are expiring and renewing.  This
may not totally be the issue however.  The event logs on the remote ISA
are displaying DHCP maintenance messages for clean up of multicast IP
addresses.  This maintenance is happening at roughly the same time the
packet loss is occurring.  So I know it at least has something to do with
DHCP.

Question:
To bypass the problem altogether, is it plausible to just set a static
IP for each tunnel's interface in RRAS?  Or, is there something else
that is recommended?

Thanks,
Casey

