[isalist] Re: VPN Client to access additional network

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 30 Nov 2007 08:17:32 -0600

OK, client is a member of the VPN Clients Network.
 
Destination -- what ISA Firewall Network does that belong to?
 
Tom
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- Microsoft Firewalls (ISA)

 


________________________________

        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Danny
        Sent: Friday, November 30, 2007 7:38 AM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: VPN Client to access additional network
        
        
        The VPN Client is coming in through the Internet/External NIC.
The destination subnet is an extension of the Internal network.
        
        I am not sure that answered your question, though! Please
advise.
        
        Thanks, Dr. Shinder. 
        
        
        On Nov 29, 2007 10:43 PM, Thomas W Shinder
<tshinder@xxxxxxxxxxx> wrote:
        

                What ISA Firewall Network is the client on?

                 

                From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Danny
                Sent: Thursday, November 29, 2007 9:29 PM
                To: isalist@xxxxxxxxxxxxx
                Subject: [isalist] VPN Client to access additional
network

                 

                Challenge: ISA 2004 VPN client is unable to connect to
additional (172.16.0.0/16) network via LAN (192.168.0.2/24) default
gateway supplied by LAN DHCP server. 
                
                ISA Internal NIC: 192.168.0.250
                ISA External NIC: 123.123.123.123 (i.e. Public IP)
                
                Default Gateway IP on LAN: 192.168.0.2
                Router IP connected to 172.16.0.0 Network: 192.168.0.3
(static route on DGW for 172.16.0.0 network points to this router)
                
                DHCP supplied VPN client:
                IP: 192.168.0.150
                Default Gateway: <same as above>
                
                VPN client pings 172.16.0.10 IP, result is request timed
out. Traceroute times out with unlabeled (*) network hops.
                
                VPN firewall policy permits All Outbound from VPN
Clients to All Protected Networks. I am thinking I should create a new
Network definition and update the policy and/or ensure the new network
is included in the All Protected Networks definition. 
                
                I am reviewing
<http://www.isaserver.org/articles/2004netinnet.html> and
<http://blogs.technet.com/sbs/archive/2007/11/29/network-behind-a-network.aspx>,
trying to figure out what options or what would be the best
practice on how to configure ISA and/or the network to accommodate this
requirement?
                
                Thank you for your assistance.
                
                
                
                
                




        -- 
        CPDE - Certified Petroleum Distribution Engineer
        CCBC - Certified Canadian Beer Consumer 
