You mean ³the same IP that the internal network management route was assigned to² right? t On 4/13/06 8:00 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to all: > Hi Ray, > > I assume that you're not trying to route the connection out through the same > interface that received the connection request? If so, that's a bad no no. > > Thomas W Shinder, M.D. > Site: www.isaserver.org <http://www.isaserver.org/> > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> > MVP -- ISA Firewalls > > > >> >> >> >> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On >> Behalf Of Ray Dzek >> Sent: Thursday, April 13, 2006 5:50 PM >> To: isalist@xxxxxxxxxxxxx >> Subject: [isalist] Re: Was Re: VPN Monitoring.. now MOVING ON...SOLVED >> >> >> >> Sorry... been up for about 28 hours now. >> >> >> >> As soon as I pushed the send button I knew what the problem was from the >> "Destination host unreachable". I had to add the 192.168.101.0/24 to the >> Internal networks set since I was now "shuffling" that traffic across the >> internal network to the other gateway, instead of via the virtual VPN >> interfaces it was on when it was connected via ISA. >> >> >> >> Can I go to bed now? >> >> >> >> >> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On >> Behalf Of Ray Dzek >> Sent: Thursday, April 13, 2006 3:39 PM >> To: isalist@xxxxxxxxxxxxx >> Subject: [isalist] Re: Was Re: VPN Monitoring.. now MOVING ON... >> >> >> >> Ping from the ISA server gives this. >> >> >> >> Pinging 192.168.101.8 with 32 bytes of data: >> >> >> >> Destination host unreachable. >> Destination host unreachable. >> Destination host unreachable. >> Destination host unreachable. >> >> >> Ping from any other device on the network yields request timed out. >> >> > > > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On > Behalf Of Ray Dzek > Sent: Thursday, April 13, 2006 3:32 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Was Re: VPN Monitoring.. now MOVING ON... > > > > I'm not getting any error. It is just not working. The route is added in > fine. > > > > Persistent Routes: > Network Address Netmask Gateway Address Metric > 192.168.101.0 255.255.255.0 10.1.8.99 1 > > > > I guess I will poke around some more.... > > > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On > Behalf Of Mark Morgan > Sent: Thursday, April 13, 2006 2:49 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Was Re: VPN Monitoring.. now MOVING ON... > > > > ROUTE -P ADD..... SHOULD WORK I HAVE THE SAME THINK AT MY SITE. WHAT ERROR > ARE YOU GETTING WHEN YOU TRY TO ADD THE ROUTE? > > > >> >> -----Original Message----- >> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]On >> Behalf Of Ray Dzek >> Sent: Thursday, April 13, 2006 1:47 PM >> To: isalist@xxxxxxxxxxxxx >> Subject: [isalist] Was Re: VPN Monitoring.. now MOVING ON... >> >> >> Okay .. so we moved the connection over to the Cisco ASA box where I can >> actually monitor what the heck is going on. But I still need ISA in this as >> it is the default gateway for the rest of the network. >> >> >> >> So.. on ISA I thought I could just do a route -p add route mask gateway. >> But apparently I am WRONG... again >> >> >> >> How can I make ISA route the 192.168.101.0 traffic over to the other >> gateway? I tried networks and network sets, but neither allow for adding a >> gateway or any routing other than through a VPN connection. >> >> >> >> >> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On >> Behalf Of Ray Dzek >> Sent: Thursday, April 13, 2006 9:25 AM >> To: isalist@xxxxxxxxxxxxx >> Subject: [isalist] Re: VPN Monitoring >> >> >> >> Well .. thanks everybody that responded. I did notice something else. On >> the dashboard it lists site to site VPN, but says "0" when I know I have 2 >> site-to-site VPNs up and running. >> >> >> >> Anyway... the data in the sonic wall is WAY more complete and WAY easier to >> get to, so we are going with that. I think we grabbed the data we need, now >> we just have to figure out what to do with it. There appears to be some >> kind of time-out issue on their end and the tunnel keeps dropping and >> rebuilding. >> >> >> >> Note to MS ... ISA needs way better tools. >> >> >> >> >> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On >> Behalf Of John T (Lists) >> Sent: Wednesday, April 12, 2006 11:42 PM >> To: isalist@xxxxxxxxxxxxx >> Subject: [isalist] Re: VPN Monitoring >> >> >> >> >> >> Are you logging the Sonicwalls to a syslog? I have found that helps to track >> problems down. >> >> >> >> >> >> John T >> >> eServices For You >> >> >> >> "Seek, and ye shall find!" >> >> >> >> >> >> -----Original Message----- >> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On >> Behalf Of Ray Dzek >> Sent: Wednesday, April 12, 2006 9:46 AM >> To: isalist@xxxxxxxxxxxxx >> Subject: [isalist] VPN Monitoring >> >> >> >> >> >> Hi all... >> >> >> >> >> >> >> >> Its a hair less frantic this week. We are trying to track down issues with >> our point to point IPSec tunnels to Europe. We are using ISA on this end >> and SonicWall TZ150's and 170's on the far end. The far end is trying to >> run Oracle 11i Applications and are getting intermittent timeouts. Usually >> 2-3 per day. (Their day. We are PST and they are CET) There is nothing in >> the ISA logs to indicate the tunnel is dropping, but there doesn't appear to >> be ANY logging of anything related to the tunnel in the event logs, other >> than traffic logged into the firewall logs. But the firewall logs won't >> show the tunnel as being down. Is there a way to monitor the tunnel status? >> Nothing appears to be logged if/when the tunnel is dropped and then >> reconnected. Can anybody recommend something that could monitor real-time >> status of the tunnels? The "outage" appears to just be a "wink" where the >> applications will disconnect for just a second. >> >> >> >> >> >> >> >> Thanks all! >> >> >> >> >> >> >> >> Ray Dzek >> Net Ops / Helpdesk Supervisor >> Specialized Bicycle Components >> >> >> >> >> >> >> -- >> No virus found in this incoming message. >> Checked by AVG Free Edition. >> Version: 7.1.385 / Virus Database: 268.4.1/310 - Release Date: 4/12/2006 > > > > -- > No virus found in this outgoing message. > Checked by AVG Free Edition. > Version: 7.1.385 / Virus Database: 268.4.1/310 - Release Date: 4/12/2006 >