[isalist] Re: vpn demand dial gw-to-gw routing problem

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Mon, 26 Jun 2006 09:22:57 -0500

http://www.ISAserver.org
-------------------------------------------------------

Hi Daniel,

No need to make host routes if the ISA firewall is the gateway for the
clients to all remote networks.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Daniel
> Sent: Monday, June 26, 2006 9:13 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: vpn demand dial gw-to-gw routing problem
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> Please!
> 
> Nobody has this same problem with vpn routing?
> My routing plan is correct, seems that the MS RRAS server is 
> rejecting packets routed trough a non-ms gateway,
> I need create route entries in each host on the remote vpn 
> subnet to comunicate trough vpn. Do that have no
> sens, the route entry should reside on the LAN gateway who 
> should redirect vpn packet trough the MS-RRAS with
> the dd-vpn iface.
> 
> 
> thanks.
> daniel
> ----- Original Message ----- 
> From: "Daniel" <daniel@xxxxxxxxxxxxxxxx>
> To: "ISAServerList" <isalist@xxxxxxxxxxxxx>
> Sent: Saturday, June 24, 2006 1:56 AM
> Subject: [isalist] vpn demand dial gw-to-gw routing problem
> 
> 
> > -------------------------------------------------------
> >
> > Hi have the same routing problem with all my vpns (I'm 
> using PPTP vpns), seems be a MS RRAS specific
> problem.
> >
> > I have 5 dd persistent vpns on My headquarter isa server 
> 2000/w2k, who dials to remote w2k-RRAS servers on
> > partners networks. To route between the vpn subnets I have 
> static routes trough the correspondent vpn dd
> iface
> > in each RRAS and on my headquarter ISA/RRAS snap-in.
> >
> > In headquarter my ISA is the default gateway, but on the 
> remote networks the LAN default gateway is generaly
> a
> > cisco router or other router, not the w2k-RRAS with the vpn 
> dd iface. To have a correct routing plan I need
> > only create a route on this non-MS gateways to my 
> headquarter vpn subnet trough the w2k-RRAS LAN iface (who
> > have the dd vpn iface), but the routing don't work.
> >
> > To solve the problem I need to create a local route entry 
> (the same route I have on the LAN non-MS default
> > gateway) on each windows station on the remote LAN, so I 
> have access to this machine trough vpn, this prove
> > that the routing plan is correct.
> >
> > The problem seems be that default remote LAN gateway is a 
> non-MS box, but in TCP/IP routing concepts this
> have
> > no sens. Seems that packets routed trough a non-MS box are 
> rejected by the w2K-RRAS server (who have the dd
> > vpn iface) if they are destinated to the vpn.
> >
> > Someone can help me?
> >
> > thanks,
> >
> > Daniel
> 
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/  
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/ 
> ISA Server Blogs: http://blogs.isaserver.org/ 
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com 
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
> Report abuse to listadmin@xxxxxxxxxxxxx 
> 
> 
> 
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

• Follow-Ups:
  • [isalist] Re: vpn demand dial gw-to-gw routing problem
    • From: Egyptian Mind

Other related posts:

• » [isalist] vpn demand dial gw-to-gw routing problem
• » [isalist] Re: vpn demand dial gw-to-gw routing problem
• » [isalist] Re: vpn demand dial gw-to-gw routing problem
• » [isalist] Re: vpn demand dial gw-to-gw routing problem
• » [isalist] Re: vpn demand dial gw-to-gw routing problem
• » [isalist] Re: vpn demand dial gw-to-gw routing problem
• » [isalist] Re: vpn demand dial gw-to-gw routing problem

1. Home
2. isalist
3. Archive
4. 06-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---