Remote Site may use this tunnel as its default gateway...

  • From: "Boudewijn Plomp" <wbplomp@xxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 2 Mar 2005 13:47:09 +0100

Hi Guys,

I hope someone can help me out with a solution for my problem.

It is concerning an IPSec 0.0.0.0. issue:

On a Cisco VPN gateway/device or other SOHO router it is possible to utilize the 
0.0.0.0 route through the IPSec tunnel as a default gateway. This appears to be 
useful especially if you want to be very flexible with your internal network 
(remove and add subnets) without losing the IPSec tunnel from your remote site 
to your internal network, and for security reasons. I'm working for a 
construction company and need to add more than 70 Remote Sites at 
construction sites. These sites need to have the 0.0.0.0 route a la policy to the 
main office which hosts ISA Server 2004.

However, when you define 0.0.0.0 as the remote subnet at the remote site it 
keeps negotiating at Phase II, because the IPSec filters do not allow such a 
connection, only to subnets which are defined at the Internal network interface 
on ISA Server 2004. So if one decides to configure a VPN device with a remote 
range with the IPSec tunnel 0.0.0.0, this implies that this range must be 
also configured on the ISA 2004 server as a local range! Which is of course not 
the case, resulting in the message "this policy is not existing" during 
Phase II, while establishing the IPSec tunnel. When configuring a remote subnet which 
is defined on ISA 2004 on the internal network things work out well.

L2TP can do this, PPTP can do this, but it needs to be IPSec, because of 
compatibility with different VPN devices.

Microsoft told me that there would be a fix for this, although... not a fix, 
but as a new feature in Service Pack 1.
Service Pack 1 is now available, but still no solution for the problem.

I hope you can help me out!

Kind regards,


Boudewijn
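A small model of the Phase II (quick mode) selector check this message runs into, added here as an illustration and not code from ISA Server or from the original post. The subnets are constructed, and the exact-match rule for ISA's filters is an assumption drawn from the symptom described above.

```python
from ipaddress import ip_network

# Constructed addresses: the ISA 2004 Internal network ranges and one remote
# construction-site LAN. ANY is the 0.0.0.0/0 selector the remote router wants.
ISA_INTERNAL = [ip_network("10.1.0.0/16"), ip_network("10.2.0.0/24")]
REMOTE_SITE = ip_network("192.168.50.0/24")
ANY = ip_network("0.0.0.0/0")

def build_filters(local_ranges, remote_ranges):
    """Responder-side IPsec filters, one (local, remote) pair per combination.
    Models ISA building its filters only from the configured Internal ranges."""
    return [(local, remote) for local in local_ranges for remote in remote_ranges]

def quick_mode_responder(proposed_local, proposed_remote, filters, exact_match=True):
    """Answer a Phase II proposal; selectors are seen from the responder's side.

    exact_match=True  : proxy IDs must equal a configured filter (assumed to be
                        ISA 2004's behaviour, giving 'this policy is not existing').
    exact_match=False : a wider proposal is narrowed to the first filter it covers,
                        so Internet-bound traffic from the site is left outside.
    Returns the (local, remote) pair that will protect traffic, or None."""
    for local, remote in filters:
        if exact_match:
            if proposed_local == local and proposed_remote == remote:
                return (local, remote)
        elif local.subnet_of(proposed_local) and remote.subnet_of(proposed_remote):
            return (local, remote)
    return None

def demo():
    """Run the cases discussed in the post and return the outcomes."""
    isa = build_filters(ISA_INTERNAL, [REMOTE_SITE])
    # A responder that explicitly protects everything for this peer, which is
    # what a router allowing 0.0.0.0 as its local selector effectively does.
    wildcard = build_filters([ANY], [REMOTE_SITE])
    return {
        "defined_subnet": quick_mode_responder(ISA_INTERNAL[0], REMOTE_SITE, isa),
        "default_route_exact": quick_mode_responder(ANY, REMOTE_SITE, isa),
        "default_route_narrowed": quick_mode_responder(ANY, REMOTE_SITE, isa, exact_match=False),
        "default_route_wildcard": quick_mode_responder(ANY, REMOTE_SITE, wildcard),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:24s} -> {result if result else 'no proposal chosen (Phase II fails)'}")
```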
