Re: vpn

  • From: Ördögh László <OrdoghL@xxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 24 Jul 2001 16:37:02 +0200

The clients get their IP addresses from
the VPN server but the answer from DHCP server
(DHCPINFORM) never reach them.
Here is a situation:
The client connect and authenticate at VPN server
and get an IP address from RAS (from DHCP lease).
After that I am trying to ping a machine in the
internal network from the VPN client->time out.
If a view the arp cache of the internal machine
which I have pinged I see the MAC address of the 
VPN server internal adapter has been assigned to
the IP address of VPN client. So the proxy arp
working and the ICMP packet reach the internal
machine. But when it send an echo reply back
to VPN clients IP address, this reply packet can't
reach the VPN client, and sometimes the VPN server
answers 'destination host unreachable'.

How can I define a static route if the vpn clients
are on the same subnet as the internal networks?

ps: If I use static pool on VPN server then the ping
works fine.


Thx
Ordogh Laszlo




-----------------------------------------------------------------
Ördögh László
mailto:ordoghl@xxxxxxxxxxxxx
ICQ:48756063

Digital Kft.
Szeged, Csongrádi sgt. 83.
Tel.: (62) 488-380
Fax.: (62) 490-553
------------------------------------------------------------------


-----Original Message-----
From: Greg Hess [mailto:gmh@xxxxxxxx] 
Sent: 2001. július 24. 16:22
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: vpn

http://www.ISAserver.org


Check your clients, make sure they are recieving the DHCP scope address and
not the "default" they assign themselves when they cannot communicate with
the DHCP server. Also, I would make sure the DHCP subnet is routed to the
internal subnet somehow, probably the static route list on the server.
Greg.

>>> OrdoghL@xxxxxxxxxxxxx 07/24/01 10:16AM >>>
http://www.ISAserver.org 


Hello!
 
I have configured our ISA box to allow VPN client 
connections. If I use static address pool and a 
different IP subnet mask for VPN clients than the
internal network, it is ok.
But when I tell to ISA server to use DHCP addresses
the VPN clients cannot see the internal network.
The IP packets never routed back to VPN clients.
 
IP routing is enabled.
 
What could be the problem?
 
Thx for any answer!
 
 
-----------------------------------------------------------------
Ordogh Laszlo
mail <mailto:ordoghl@xxxxxxxxxxxxx> to:ordoghl@xxxxxxxxxxxxx 
------------------------------------------------------------------
 


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmh@xxxxxxxx 
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ordoghl@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


Other related posts: