[isalist] Re: Was Re: VPN Monitoring.. now MOVING ON...SOLVED

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 13 Apr 2006 22:08:08 -0500

Hmmm. I'm not from there. :)
 
What I mean is:
 
Internal interface: 1.1.1.1
External interface: 2.2.2.2
 
Gateway interface for next hop: 1.1.1.2
 
If so, no workie ;)
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 


________________________________

        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
        Sent: Thursday, April 13, 2006 10:05 PM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: Was Re: VPN Monitoring.. now MOVING
ON...SOLVED
        
        
        You mean "the same IP that the internal network management route
was assigned to" right?
        
        t
        
        
        On 4/13/06 8:00 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
spoketh to all:
        
        

                Hi Ray,
                
                I assume that you're not trying to route the connection
out through the same interface that received the connection request? If
so, that's a bad no no.
                
                Thomas W Shinder, M.D.
                Site: www.isaserver.org <http://www.isaserver.org/>
                Blog: http://blogs.isaserver.org/shinder/
                Book: http://tinyurl.com/3xqb7
                MVP -- ISA Firewalls
                
                 
                
                

                        
                         
                        
________________________________

                        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ray  Dzek
                        Sent: Thursday, April 13, 2006 5:50 PM
                        To:  isalist@xxxxxxxxxxxxx
                        Subject: [isalist] Re: Was Re: VPN  Monitoring..
now MOVING ON...SOLVED
                        
                         
                         
                        Sorry... been up for about 28 hours  now.
                        
                         
                         
                        As soon as I pushed the send button I knew what
the  problem was from the "Destination host unreachable".  I had to add
the  192.168.101.0/24 to the Internal networks set since I was now
"shuffling"  that traffic across the internal network to the other
gateway, instead of via  the virtual VPN interfaces it was on when it
was connected via  ISA.
                        
                         
                         
                        Can I go to bed now?
                        
                         
                         
                        
________________________________

                        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ray  Dzek
                        Sent: Thursday, April 13, 2006 3:39 PM
                        To:  isalist@xxxxxxxxxxxxx
                        Subject: [isalist] Re: Was Re: VPN  Monitoring..
now MOVING ON...
                        
                         
                         
                        Ping from the ISA server gives  this.
                        
                         
                         
                        Pinging 192.168.101.8 with 32 bytes of data:

                        Destination host unreachable.
                        Destination host unreachable.
                        Destination host unreachable.
                        Destination host unreachable.
                        
                        
                        Ping from any other device on the network yields
request timed out.
                         
                         
                        

                
                 
                 
                
________________________________

                From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ray  Dzek
                Sent: Thursday, April 13, 2006 3:32 PM
                To:  isalist@xxxxxxxxxxxxx
                Subject: [isalist] Re: Was Re: VPN  Monitoring.. now
MOVING ON...
                
                 
                 
                I'm not getting any error.  It is just not  working.
The route is added in fine.
                
                 
                 
                Persistent Routes:
                  Network Address          Netmask  Gateway Address  Metric
                    192.168.101.0    255.255.255.0        10.1.8.99       1
                
                 
                 
                I guess I will poke around some  more....
                
                 
                 
                
________________________________

                From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Mark  Morgan
                Sent: Thursday, April 13, 2006 2:49 PM
                To:  isalist@xxxxxxxxxxxxx
                Subject: [isalist] Re: Was Re: VPN  Monitoring.. now
MOVING ON...
                
                 
                 
                ROUTE -P ADD..... SHOULD WORK. I HAVE THE SAME THING AT
MY SITE. WHAT ERROR ARE YOU GETTING WHEN YOU TRY TO ADD THE ROUTE?
                
                 
                 
                

                        
                        -----Original Message-----
                        From:  isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx]On  Behalf Of Ray Dzek
                        Sent: Thursday, April 13, 2006 1:47  PM
                        To: isalist@xxxxxxxxxxxxx
                        Subject: [isalist] Was Re:  VPN Monitoring.. now
MOVING ON...
                        
                        
                        Okay .. so we moved the connection over to the
Cisco  ASA box where I can actually monitor what the heck is going on.
But I  still need ISA in this as it is the default gateway for the rest
of the  network.
                        
                         
                         
                        So..    on ISA I thought I could just do  a
route -p add route mask gateway.  But apparently I am WRONG...  again
                        
                         
                         
                        How can I make ISA route the 192.168.101.0
traffic over  to the other gateway?  I tried networks and network sets,
but neither  allow for adding a gateway or any routing other than
through a VPN  connection.
                        
                         
                         
                        
________________________________

                        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ray  Dzek
                        Sent: Thursday, April 13, 2006 9:25 AM
                        To:  isalist@xxxxxxxxxxxxx
                        Subject: [isalist] Re: VPN  Monitoring
                        
                         
                         
                        Well .. thanks everybody that responded.  I did
notice something else.  On the dashboard it lists site to site VPN, but
says "0" when I know I have 2 site-to-site VPNs up and  running.
                        
                         
                         
                        Anyway... the data in the sonic wall is WAY more
complete and WAY easier to get to, so we are going with that.  I think
we grabbed the data we need, now we just have to figure out what to do
with  it.  There appears to be some kind of time-out issue on their end
and  the tunnel keeps dropping and rebuilding.
                        
                         
                         
                        Note to MS ... ISA needs way better tools.   
                        
                         
                         
                        
________________________________

                        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of John T  (Lists)
                        Sent: Wednesday, April 12, 2006 11:42 PM
                        To:  isalist@xxxxxxxxxxxxx
                        Subject: [isalist] Re: VPN  Monitoring
                        
                         
                         
                         
                        
                        Are you logging  the Sonicwalls to a syslog? I
have found that helps to track problems  down.
                        
                         
                         
                         
                        
                        John  T
                        
                        eServices For  You
                        
                         
                         
                        "Seek, and ye  shall find!"
                        
                         
                         
                         
                        
                        -----Original  Message-----
                        From:  isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ray Dzek
                        Sent: Wednesday, April  12, 2006 9:46  AM
                        To: isalist@xxxxxxxxxxxxx
                        Subject: [isalist] VPN  Monitoring
                        
                         
                         
                         
                        
                        Hi all...  
                        
                         
                        
                         
                         
                         
                        
                        It's a hair less frantic this  week.  We are
trying to track down issues with our point to point IPSec  tunnels to
Europe.   We are using ISA on this end and SonicWall TZ150's and 170's
on the far  end.  The far end is trying to run Oracle 11i Applications
and are  getting intermittent timeouts.  Usually 2-3 per day.  (Their
day.  We are PST and they are CET)  There is nothing in the ISA  logs to
indicate the tunnel is dropping, but there doesn't appear to be ANY
logging of anything related to the tunnel in the event logs, other than
traffic logged into the firewall logs.  But the firewall logs won't
show the tunnel as being down.  Is there a way to monitor the tunnel
status?  Nothing appears to be logged if/when the tunnel is dropped and
then reconnected.  Can anybody recommend something that could monitor
real-time status of the tunnels?  The "outage" appears to just be a
"wink" where the applications will disconnect for just a  second.
                        
                         
                        
                         
                         
                         
                        
                        Thanks  all!
                        
                         
                        
                         
                         
                         
                         
                        Ray  Dzek
                        Net Ops / Helpdesk Supervisor
                        Specialized Bicycle  Components 
                         
                         
                        
                         
                        
                         
                        

                
                 
                
                --
                No virus found in this outgoing message.
                Checked by  AVG Free Edition.
                Version: 7.1.385 / Virus Database: 268.4.1/310 - Release
Date: 4/12/2006
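
Added example (not part of the original thread): a Python check for the condition Ray's fix describes, where a persistent route handed to a gateway on the internal network only worked once its destination was included in ISA's Internal network definition. The route row is the one posted in the thread; the Internal range 10.1.8.0/24 and the function names are assumptions made for illustration.

```python
import ipaddress

# Persistent route as posted in the thread (destination, netmask, gateway, metric).
ROUTE_PRINT = """\
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
    192.168.101.0    255.255.255.0        10.1.8.99       1
"""

# ASSUMPTION: address ranges defined for ISA's Internal network. The thread does
# not list them; 10.1.8.0/24 is a constructed value that contains the gateway.
INTERNAL_BEFORE = ["10.1.8.0/24"]
INTERNAL_AFTER = ["10.1.8.0/24", "192.168.101.0/24"]  # after Ray's fix


def parse_persistent_routes(text):
    """Return (destination network, gateway) for each persistent route row."""
    routes, in_section = [], False
    for line in text.splitlines():
        if line.strip().startswith("Persistent Routes"):
            in_section = True
            continue
        fields = line.split()
        if not in_section or len(fields) != 4:
            continue  # skips the column header and anything outside the section
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            gw = ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # malformed row
        routes.append((net, gw))
    return routes


def uncovered_routes(route_text, internal_ranges):
    """Routes sent to a gateway on the Internal network whose destination
    is missing from the Internal network definition."""
    internal = [ipaddress.ip_network(r) for r in internal_ranges]
    flagged = []
    for net, gw in parse_persistent_routes(route_text):
        via_internal = any(gw in r for r in internal)
        covered = any(net.subnet_of(r) for r in internal)
        if via_internal and not covered:
            flagged.append(str(net))
    return flagged


if __name__ == "__main__":
    print("before fix:", uncovered_routes(ROUTE_PRINT, INTERNAL_BEFORE))
    print("after fix: ", uncovered_routes(ROUTE_PRINT, INTERNAL_AFTER))
```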
                
                

        
        
