[isalist] Re: Was Re: VPN Monitoring.. now MOVING ON...SOLVED

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 13 Apr 2006 20:05:26 -0700

You mean "the same IP that the internal network management route was
assigned to" right?

t


On 4/13/06 8:00 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to
all:

> Hi Ray,
>  
> I assume that you're not trying to route the connection out through the same
> interface that received the connection request? If so, that's a bad no no.
>  
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
> MVP -- ISA Firewalls
> 
>  
> 
>>  
>>  
>> 
>>  From: isalist-bounce@xxxxxxxxxxxxx  [mailto:isalist-bounce@xxxxxxxxxxxxx] On
>> Behalf Of Ray  Dzek
>> Sent: Thursday, April 13, 2006 5:50 PM
>> To:  isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: Was Re: VPN  Monitoring.. now MOVING ON...SOLVED
>> 
>>  
>>  
>> Sorry... been up for about 28 hours now.
>>
>> As soon as I pushed the send button I knew what the problem was from the
>> "Destination host unreachable". I had to add the 192.168.101.0/24 to the
>> Internal networks set since I was now "shuffling" that traffic across the
>> internal network to the other gateway, instead of via the virtual VPN
>> interfaces it was on when it was connected via ISA.
>>  
>>  
>>  
>> Can I go to bed now?
>> 
>>  
>>  
>> 
>>  From: isalist-bounce@xxxxxxxxxxxxx  [mailto:isalist-bounce@xxxxxxxxxxxxx] On
>> Behalf Of Ray  Dzek
>> Sent: Thursday, April 13, 2006 3:39 PM
>> To:  isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: Was Re: VPN  Monitoring.. now MOVING ON...
>> 
>>  
>>  
>> Ping from the ISA server gives this.
>>
>> Pinging 192.168.101.8 with 32 bytes of data:
>>
>> Destination host unreachable.
>> Destination host unreachable.
>> Destination host unreachable.
>> Destination host unreachable.
>>
>> Ping from any other device on the network yields request timed out.
>>  
>>  
> 
>  
>  
> 
>  From: isalist-bounce@xxxxxxxxxxxxx  [mailto:isalist-bounce@xxxxxxxxxxxxx] On
> Behalf Of Ray  Dzek
> Sent: Thursday, April 13, 2006 3:32 PM
> To:  isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Was Re: VPN  Monitoring.. now MOVING ON...
> 
>  
>  
> I'm not getting any error. It is just not working. The route is added in
> fine.
>
> Persistent Routes:
>   Network Address          Netmask  Gateway Address  Metric
>     192.168.101.0    255.255.255.0        10.1.8.99       1
>
> I guess I will poke around some more....
> 
>  
>  
> 
>  From: isalist-bounce@xxxxxxxxxxxxx  [mailto:isalist-bounce@xxxxxxxxxxxxx] On
> Behalf Of Mark  Morgan
> Sent: Thursday, April 13, 2006 2:49 PM
> To:  isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Was Re: VPN  Monitoring.. now MOVING ON...
> 
>  
>  
> ROUTE -P ADD..... SHOULD WORK I HAVE THE SAME THING AT MY SITE. WHAT ERROR
> ARE YOU GETTING WHEN YOU TRY TO ADD THE ROUTE?
>  
>  
>  
>>  
>> -----Original Message-----
>> From:  isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]On
>> Behalf Of Ray Dzek
>> Sent: Thursday, April 13, 2006 1:47  PM
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Was Re:  VPN Monitoring.. now MOVING ON...
>> 
>>  
>> Okay .. so we moved the connection over to the Cisco ASA box where I can
>> actually monitor what the heck is going on. But I still need ISA in this as
>> it is the default gateway for the rest of the network.
>>
>> So.. on ISA I thought I could just do a route -p add route mask gateway.
>> But apparently I am WRONG... again
>>
>> How can I make ISA route the 192.168.101.0 traffic over to the other
>> gateway? I tried networks and network sets, but neither allow for adding a
>> gateway or any routing other than through a VPN connection.
>> 
>>  
>>  
>> 
>>  From: isalist-bounce@xxxxxxxxxxxxx  [mailto:isalist-bounce@xxxxxxxxxxxxx] On
>> Behalf Of Ray  Dzek
>> Sent: Thursday, April 13, 2006 9:25 AM
>> To:  isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: VPN  Monitoring
>> 
>>  
>>  
>> Well .. thanks everybody that responded. I did notice something else. On
>> the dashboard it lists site to site VPN, but says "0" when I know I have 2
>> site-to-site VPNs up and running.
>>
>> Anyway... the data in the sonic wall is WAY more complete and WAY easier to
>> get to, so we are going with that. I think we grabbed the data we need, now
>> we just have to figure out what to do with it. There appears to be some
>> kind of time-out issue on their end and the tunnel keeps dropping and
>> rebuilding.
>>
>> Note to MS ... ISA needs way better tools.
>> 
>>  
>>  
>> 
>>  From: isalist-bounce@xxxxxxxxxxxxx  [mailto:isalist-bounce@xxxxxxxxxxxxx] On
>> Behalf Of John T  (Lists)
>> Sent: Wednesday, April 12, 2006 11:42 PM
>> To:  isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: VPN  Monitoring
>> 
>>  
>>  
>>  
>> 
>> Are you logging the Sonicwalls to a syslog? I have found that helps to track
>> problems down.
>>  
>>  
>>  
>>  
>> 
>> John  T
>>  
>> eServices For  You
>>  
>>  
>>  
>> "Seek, and ye  shall find!"
>>  
>>  
>>  
>>  
>> 
>> -----Original  Message-----
>> From:  isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
>> Behalf Of Ray Dzek
>> Sent: Wednesday, April  12, 2006 9:46  AM
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] VPN  Monitoring
>>  
>>  
>>  
>>  
>> 
>> Hi all...  
>>  
>>  
>> 
>>  
>>  
>>  
>> 
>> It's a hair less frantic this week. We are trying to track down issues with
>> our point to point IPSec tunnels to Europe. We are using ISA on this end
>> and SonicWall TZ150's and 170's on the far end. The far end is trying to
>> run Oracle 11i Applications and are getting intermittent timeouts. Usually
>> 2-3 per day. (Their day. We are PST and they are CET) There is nothing in
>> the ISA logs to indicate the tunnel is dropping, but there doesn't appear to
>> be ANY logging of anything related to the tunnel in the event logs, other
>> than traffic logged into the firewall logs. But the firewall logs won't
>> show the tunnel as being down. Is there a way to monitor the tunnel status?
>> Nothing appears to be logged if/when the tunnel is dropped and then
>> reconnected. Can anybody recommend something that could monitor real-time
>> status of the tunnels? The "outage" appears to just be a "wink" where the
>> applications will disconnect for just a second.
>>  
>>  
>> 
>>  
>>  
>>  
>> 
>> Thanks  all!
>>  
>>  
>> 
>>  
>>  
>>  
>>  
>> Ray  Dzek
>> Net Ops / Helpdesk Supervisor
>> Specialized Bicycle  Components
>>  
>>  
>> 
>>  
>> 
>>  