Re: Internet Access through RAS or VPN

• From: "Jim Harrison" <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 14 Nov 2001 08:54:27 -0800

Inline...

Jim Harrison
MCP(NT4, 2K), A+, Network+, PCG


----- Original Message -----
From: "jeff hooper" <jeff.hooper@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, November 14, 2001 08:05
Subject: [isalist] Internet Access through RAS or VPN


http://www.ISAserver.org


Routing and Remote access is setup on a box with ISA server in firewall
mode.  The VPN and Modem pool work great.  I want the people that dial-in
to be able to get back out and surf.  Right now the only way I can get
this to work is with the Firewall client.  Here is the setup.

Internal interface has static routes to everything.

* if you're using RRAS, make your routes in there; not in the "route -p add"
command

External interface has default gateway on it.

RAS Users get private IP when they dial-in ie. 172.20.20.2-254

* is this subnet in the LAT?

I have tried both selecting the RRAS as router w/lan and demand-dial
routing, with remote access server always selected.

I have setup a client access group with the IP's of my dial-in users, to
allow all protocols, and all sites.  (This is what lets my Firewall client
users out, but doesn't let my RAS users be SNAT clients for some reason.)

*RRAS clients can't be SNAT because they use their own IP address as the
default gateway

another option is I have a different ISA server that is my default gateway
that the SNAT is working on, but if I remove my default gateway from the
external interface of course the external VPN can't get it because it
won't talk to the outside.. but Dial-in came get out through the other ISA
server.

Check out Tom's article on RRAS clients
http://isaserver.org/shinder/tutorials/ie_vpn_settings.htm

Having a mental block, please help. Thanks JH

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » RE: Internet Access through RAS or VPN
• » Re: Internet Access through RAS or VPN
• » Internet Access through RAS or VPN
• » Re: Internet Access through RAS or VPN
• » Re: Internet Access through RAS or VPN
• » Re: Internet Access through RAS or VPN
• » Re: Internet Access through RAS or VPN

1. Home
2. isalist
3. Archive
4. 11-2001

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---