Hi peeps, I have used the wizard to create my VPN, which seemed very simple.
It's created the networks and the firewall policy to allow access from internal to the network on the other side of the VPN (set to route). I can see the handshake on the VPN in the US (Dallas); phase II completes fine. But once the connection is made I can't ping or connect to any of the computers in the US... I can see traffic from the US arriving on the ISA server by putting the filter on with the source network set to Dallas. But anything I send from the ISA server to the US is not arriving.
Do I need to set up any other rules or static routes? I have tried everything I can think of and nothing works.
Hope someone can help!!!!
Here are the settings (hope this is enough)...
Local Tunnel Endpoint: 213.106.224.***
Remote Tunnel Endpoint: 209.19.4.***
To allow HTTP proxy or NAT traffic to the remote site,
the remote site configuration must contain the local
site tunnel end-point IP address.
IKE Phase I Parameters:
Mode: Main mode
Encryption: 3DES
Integrity: SHA1
Diffie-Hellman group: Group 2 (1024 bit)
Authentication Method: Pre-shared secret (*******************)
Security Association Lifetime: 28800 seconds
IKE Phase II Parameters:
Mode: ESP tunnel mode
Encryption: 3DES
Integrity: SHA1
Perfect Forward Secrecy: ON
Diffie-Hellman group: Group 2 (1024 bit)
Time Rekeying: ON
Security Association Lifetime: 3600 seconds
Kbyte Rekeying: OFF
Remote Network 'Dallas' IP Subnets:
Subnet: 192.168.113.0/255.255.255.0
Local Network 'Internal' IP Subnets:
Subnet: 192.168.111.0/255.255.255.0
Routable Local IP Addresses:
Subnet: 192.168.111.0/255.255.255.0
------- The Networks as they are in the Networks window...
Dallas - 192.168.113.0 - 192.168.113.255
Internal - 192.168.111.0 - 192.168.111.255
------ The Network Rules....
Dallas to Internal Network - Route - Dallas - Internal
------ Firewall Rules.....
Dallas and Internal
Allow
All Outbound Traffic
From : Dallas + Internal
To : Dallas + Internal
System Rule : Allow VPN site-to-site traffic to ISA Server
Allow
IKE Client + IKE Server + IPsec ESP Server + IPSec ESP + IPsec NAT-T Client + IPsec NAT-T Server
From : External + IPsec Remote Gateways
To : Local Host
System Rule : Allow VPN site-to-site traffic from ISA Server
Allow
IKE Client + IKE Server + IPsec ESP Server + IPSec ESP + IPsec NAT-T Client + IPsec NAT-T Server
From : Local Host
To : External + IPsec Remote Gateways