[isalist] Re: VPN Client IP Addresses on new TMG Install

• From: Jim Harrison <Jim@xxxxxxxxxxxx>
• To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 21 Sep 2010 13:25:00 +0000

http://www.ISAserver.org
-------------------------------------------------------

You adjust the routing table as you would with clients coming from any other 
non-local subnet.
Use isa_tpr.js - I didn't write (and don't support) the .NET app.  I do provide 
a link to the author so you can write him.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Tom Rogers
Sent: Tuesday, September 21, 2010 5:46 AM
To: <isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: VPN Client IP Addresses on new TMG Install

http://www.ISAserver.org
-------------------------------------------------------
  
But if you use another subnet for VPN clients, they cannot connect to internal 
resources.

Also the tunnel port editor wants .Net 1.1 installed and W2K8 R2 wont allow it, 
says there is an incompatiblity with that version. 3.5 is installed, but tpe 
wants 1.1, unlesd there is an updated version somewhere...


-Tom Rogers
 Systems Administrator
 Schneider Packaging Equipment


On Sep 21, 2010, at 7:55 AM, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:

> http://www.ISAserver.org
> -------------------------------------------------------
> 
> Actually, RRAS does the IP leasing.
> Ideally, youi want to avoid using the same subnet for VPN clients as you do 
> for internal hosts - all manner of fun will ensue otherwise.
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers
> Sent: Monday, September 20, 2010 12:58 PM
> To: 'isalist@xxxxxxxxxxxxx'
> Subject: [isalist] Re: VPN Client IP Addresses on new TMG Install
> 
> http://www.ISAserver.org
> -------------------------------------------------------
> 
> Problem solved - I changed from DHCP to Static IPs, on a differnet subnet, 
> that worked, so I switched back to DHCP and magically it started working 
> giving out IPs in our subnet from internal DHCP server. TMG actually reserved 
> the 10 IPs it was supposed to where it did not before.
> 
> Don't ask me how it works now, but it does.
> 
> 
>> -----Original Message-----
>> From: isalist-bounce@xxxxxxxxxxxxx
>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Jim Harrison
>> Sent: Monday, September 20, 2010 3:56 PM
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: VPN Client IP Addresses on new TMG Install
>> 
>> http://www.ISAserver.org
>> -------------------------------------------------------
>> 
>> A1 - any time you see 169.254/16, this indicates that the client was 
>> unable to acquire an IP address via DHCP (or IPCP, in the case of VPN 
>> connections).
>> You need to double-check your TMG configuration to ensure that you 
>> have it configured properly.  You cannot hand out IP addresses from 
>> the Internal range to VPN clients - they MUST be in a separate subnet.
>> 
>> A2 - yes
>> 
>> -----Original Message-----
>> From: isalist-bounce@xxxxxxxxxxxxx
>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Tom Rogers
>> Sent: Monday, September 20, 2010 08:19
>> To: 'isalist@xxxxxxxxxxxxx'
>> Subject: [isalist] Re: VPN Client IP Addresses on new TMG Install
>> 
>> http://www.ISAserver.org
>> -------------------------------------------------------
>> 
>> Also, can you use the Tunnel Port Editor on TMG?
>> 
>> 
>>> -----Original Message-----
>>> From: isalist-bounce@xxxxxxxxxxxxx
>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>>> On Behalf Of Tom Rogers
>>> Sent: Monday, September 20, 2010 11:17 AM
>>> To: 'isalist@xxxxxxxxxxxxx'
>>> Subject: [isalist] VPN Client IP Addresses on new TMG Install
>>> 
>>> http://www.ISAserver.org
>>> -------------------------------------------------------
>>> 
>>> I migrated ISA 2006 to the new TMG 2010 SP-1 over the weekend, on a 
>>> new
>>> W2K8 R2 member server. I imported the ISA config and did all that 
>>> Microsoft had shown in their step-by-step guide. All is working
>>> well...except:
>>> 
>>> When I VPN in, I am getting an IP Addr of 169.254.176.x and 
>>> therefore, I cannot access any of my network resources, which are on 
>>> 192.168.1.x
>>> 
>>> I have verified TMG is giving out DHCP IP info based on the internal 
>>> NIC, so where the heck are these IP's coming from, and how do I get 
>>> an IP addr assigned to my VPN clients of 192.168.1.x ?
>>> 
>>> TIA,
>>> 
>>> -Tom Rogers
>>> 
>>> 
>>> ------------------------------------------------------
>>> List Archives: //www.freelists.org/archives/isalist/
>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>> ISA Server Articles and Tutorials:
>>> http://www.isaserver.org/articles_tutorials/
>>> ISA Server Blogs: http://blogs.isaserver.org/
>>> ------------------------------------------------------
>>> Visit TechGenix.com for more information about our other sites:
>>> http://www.techgenix.com
>>> ------------------------------------------------------
>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>> 
>> 
>> 
>> ------------------------------------------------------
>> List Archives: //www.freelists.org/archives/isalist/
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server Articles and Tutorials:
>> http://www.isaserver.org/articles_tutorials/
>> ISA Server Blogs: http://blogs.isaserver.org/
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com
>> ------------------------------------------------------
>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>> Report abuse to listadmin@xxxxxxxxxxxxx
>> 
>> 
>> 
>> ------------------------------------------------------
>> List Archives: //www.freelists.org/archives/isalist/
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server Articles and Tutorials:
>> http://www.isaserver.org/articles_tutorials/
>> ISA Server Blogs: http://blogs.isaserver.org/
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com
>> ------------------------------------------------------
>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>> Report abuse to listadmin@xxxxxxxxxxxxx
>> 
> 
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx 


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

• References:
  • [isalist] VPN Client IP Addresses on new TMG Install
    • From: Tom Rogers
  • [isalist] Re: VPN Client IP Addresses on new TMG Install
    • From: Tom Rogers
  • [isalist] Re: VPN Client IP Addresses on new TMG Install
    • From: Jim Harrison
  • [isalist] Re: VPN Client IP Addresses on new TMG Install
    • From: Tom Rogers
  • [isalist] Re: VPN Client IP Addresses on new TMG Install
    • From: Jim Harrison
  • [isalist] Re: VPN Client IP Addresses on new TMG Install
    • From: Tom Rogers

Other related posts:

• » [isalist] VPN Client IP Addresses on new TMG Install- Tom Rogers
• » [isalist] Re: VPN Client IP Addresses on new TMG Install- Tom Rogers
• » [isalist] Re: VPN Client IP Addresses on new TMG Install- Jim Harrison
• » [isalist] Re: VPN Client IP Addresses on new TMG Install- Tom Rogers
• » [isalist] Re: VPN Client IP Addresses on new TMG Install- Jim Harrison
• » [isalist] Re: VPN Client IP Addresses on new TMG Install- Tom Rogers
• » [isalist] Re: VPN Client IP Addresses on new TMG Install - Jim Harrison

1. Home
2. isalist
3. Archive
4. 09-2010

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---