The clients get their IP addresses from the VPN server but the answer from DHCP server (DHCPINFORM) never reach them. Here is a situation: The client connect and authenticate at VPN server and get an IP address from RAS (from DHCP lease). After that I am trying to ping a machine in the internal network from the VPN client->time out. If a view the arp cache of the internal machine which I have pinged I see the MAC address of the VPN server internal adapter has been assigned to the IP address of VPN client. So the proxy arp working and the ICMP packet reach the internal machine. But when it send an echo reply back to VPN clients IP address, this reply packet can't reach the VPN client, and sometimes the VPN server answers 'destination host unreachable'. How can I define a static route if the vpn clients are on the same subnet as the internal networks? ps: If I use static pool on VPN server then the ping works fine. Thx Ordogh Laszlo ----------------------------------------------------------------- Ördögh László mailto:ordoghl@xxxxxxxxxxxxx ICQ:48756063 Digital Kft. Szeged, Csongrádi sgt. 83. Tel.: (62) 488-380 Fax.: (62) 490-553 ------------------------------------------------------------------ -----Original Message----- From: Greg Hess [mailto:gmh@xxxxxxxx] Sent: 2001. július 24. 16:22 To: [ISAserver.org Discussion List] Subject: [isalist] Re: vpn http://www.ISAserver.org Check your clients, make sure they are recieving the DHCP scope address and not the "default" they assign themselves when they cannot communicate with the DHCP server. Also, I would make sure the DHCP subnet is routed to the internal subnet somehow, probably the static route list on the server. Greg. >>> OrdoghL@xxxxxxxxxxxxx 07/24/01 10:16AM >>> http://www.ISAserver.org Hello! I have configured our ISA box to allow VPN client connections. If I use static address pool and a different IP subnet mask for VPN clients than the internal network, it is ok. But when I tell to ISA server to use DHCP addresses the VPN clients cannot see the internal network. The IP packets never routed back to VPN clients. IP routing is enabled. What could be the problem? Thx for any answer! ----------------------------------------------------------------- Ordogh Laszlo mail <mailto:ordoghl@xxxxxxxxxxxxx> to:ordoghl@xxxxxxxxxxxxx ------------------------------------------------------------------ ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmh@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ordoghl@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')