Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
VPN Access
- Thread starter PhilUnit
- Start date
macleod1021
Programmer
Check to make sure you're getting a local IP address when you connect. If you are, make sure you have your settings to log into the network upon connection.
- Thread starter
- #3
I would hazard a guess that your servers (AD etc) do not have a static route to your ISA server?
If your ISA server passes traffic to your servers, they have to have a route which tells them to reply via your ISA server rather than the default gateway. OR you have to specify a route on your default gateway pointing all your VPN traffic back to the ISA server.
This is easy as long as you have configured your VPN IP address range on a different octet to your normal LAN...for example.
If you LAN is 10.1.1.0
Your VPN is 10.1.2.0
Your VPN Server is 10.1.1.100
Add a static route which points all traffic to 10.1.2.0 to 10.1.1.100.
That will most likely solve your problem assuming your ISA rules are all OK.
Thanks,
Mike Firth
Michael Firth
Network Infrastructure Officer
~If it's not broke, break it and LEARN~
If your ISA server passes traffic to your servers, they have to have a route which tells them to reply via your ISA server rather than the default gateway. OR you have to specify a route on your default gateway pointing all your VPN traffic back to the ISA server.
This is easy as long as you have configured your VPN IP address range on a different octet to your normal LAN...for example.
If you LAN is 10.1.1.0
Your VPN is 10.1.2.0
Your VPN Server is 10.1.1.100
Add a static route which points all traffic to 10.1.2.0 to 10.1.1.100.
That will most likely solve your problem assuming your ISA rules are all OK.
Thanks,
Mike Firth
Michael Firth
Network Infrastructure Officer
~If it's not broke, break it and LEARN~
Re-reading my last post i wasn't very clear.
If you want servers to be able to reply to the VPN clients you will need to add a static route which tells your servers that if replying to THE IP ADDRESS RANGE OF YOUR VPN CLIENTS to use the ISA server.
i.e. route add -p 10.1.2.0 (The VPN clients range) mask 255.255.255.0 (VPN clients mask) 10.1.1.100 (YOur ISA Server).
Hope this helps.
Mike Firth
Michael Firth
Network Infrastructure Officer
~If it's not broke, break it and LEARN~
If you want servers to be able to reply to the VPN clients you will need to add a static route which tells your servers that if replying to THE IP ADDRESS RANGE OF YOUR VPN CLIENTS to use the ISA server.
i.e. route add -p 10.1.2.0 (The VPN clients range) mask 255.255.255.0 (VPN clients mask) 10.1.1.100 (YOur ISA Server).
Hope this helps.
Mike Firth
Michael Firth
Network Infrastructure Officer
~If it's not broke, break it and LEARN~
- Status
Similar threads
- Locked
- Question
- Locked
- Question