Watchguard 6ct and SBS 2000

rgillis70_at_speakeasy.net
Date: 01/17/05


Date: 17 Jan 2005 07:02:10 -0800

I have a sbs2000 for a client that we recently got a 6ct for. A few
issues...

They have 2 offices. Main one is on a SDSL line and the other is on a
cable connection. The users at the cable one are not technically
inclined. I had them running a PPTP VPN to the main office and then
running a TS session to a TS that they worked off of. All good!

But the Cable line is unstable, and they complain / do not want to have
to redial the VPN connection when it is dropped by the PPTP due to
issues. So I figured a Site to Site VPN would be good, as it would
allow the devices to reattach whenever the line goes down, with no
interaction on their end (other than reopening a TS session).

So...I get the 6ct after my CDW rep told me that they will support the
Site to Site, as well as allowing the passthrough of PPTP - so I need
not reconfigure all other users (like myself when I VPN to them)

Ok - enough background...

We have 5 usable static IPs. I set the 6ct External interface up with
the ISP's assistance and can go outbound fine. I tested sending email
(through the SBS server (Exchange/ISA)) and received ok by outside
address. However, the inbound email is not working. Network is as
follows:

65..49 (External Gtway)
65..50 (external IP)
65..51 (External Email - assigned as such by ISP) and I have .52 and
.53 available

192.168.1.1 (Internal 6ct)
192.168.1.2 (External ISA)
192.168.0.x (internal ISA)

So I created the following routes:

Routing Table

Destination     Gateway         Genmask            Iface
65.x.x.48       69.x.x.50       255.255.255.248    eth0 (external)
192.168.1.0     192.168.1.1     255.255.255.0      eth1 (trusted)
192.168.1.2     192.168.1.2     255.255.255.255    eth1 (trusted)
192.168.0.0     192.168.1.2     255.255.255.0      eth1 (trusted)
65.x.x.51       192.168.1.2     255.255.255.255    eth1 (trusted)
192.168.1.1     192.168.1.1     255.255.255.255    eth1 (trusted)
192.168.1.0     192.168.1.1     255.255.255.255    eth1 (trusted)
0.0.0.0         65.x.x.49       0.0.0.0            eth0 (external)

For some reason inbound email is not passing thru to the 192.168.0.1
address?

Also I configured rules to allow PPTP to pass thru and it is not
either. ?????

Did I totally screw up this configuration?

Additionally, I noticed in posts by Jeff and others that Site to Site
does not work as the end point is outside the ISA. Could I not have a
route that allows the traffic to pass to the ISA server and it will
allow it on thru? Just seems like this was a waste if that is the case.
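
Added example (not part of the original post): a longest-prefix-match walk over the routing table as posted, showing which entry each destination mentioned in the post selects and flagging any /32 row whose destination is really a subnet's network address. The elided 65.x.x.N addresses are replaced by constructed 203.0.113.N stand-ins, and the function names are this example's own.

```python
import ipaddress

# Routes transcribed from the post: (destination, gateway, genmask, iface).
# Assumption: the elided 65.x.x.N addresses become 203.0.113.N (documentation
# range, constructed). The post prints the first gateway as 69.x.x.50.
ROUTES = [
    ("203.0.113.48", "203.0.113.50", "255.255.255.248", "eth0"),
    ("192.168.1.0", "192.168.1.1", "255.255.255.0", "eth1"),
    ("192.168.1.2", "192.168.1.2", "255.255.255.255", "eth1"),
    ("192.168.0.0", "192.168.1.2", "255.255.255.0", "eth1"),
    ("203.0.113.51", "192.168.1.2", "255.255.255.255", "eth1"),
    ("192.168.1.1", "192.168.1.1", "255.255.255.255", "eth1"),
    ("192.168.1.0", "192.168.1.1", "255.255.255.255", "eth1"),
    ("0.0.0.0", "203.0.113.49", "0.0.0.0", "eth0"),
]

def parse(routes):
    """Turn dotted-mask rows into (network, gateway, iface) tuples."""
    table = []
    for dest, gw, mask, iface in routes:
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        net = ipaddress.ip_network(f"{dest}/{prefix}", strict=False)
        table.append((net, ipaddress.IPv4Address(gw), iface))
    return table

def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in table if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def suspicious_host_routes(table):
    """Flag /32 rows whose destination is the network address of a wider
    subnet in the same table, i.e. a subnet row carrying a host mask."""
    flagged = []
    for net, _gw, _iface in table:
        if net.prefixlen != 32:
            continue
        for other, _, _ in table:
            if 0 < other.prefixlen < 32 and net.network_address == other.network_address:
                flagged.append(str(net))
    return flagged

if __name__ == "__main__":
    table = parse(ROUTES)
    for dst in ("192.168.0.1", "203.0.113.51", "192.168.1.0", "198.51.100.7"):
        net, gw, iface = lookup(table, dst)
        print(f"{dst:>14} -> {net} via {gw} on {iface}")
    print("host mask on a network address:", suspicious_host_routes(table))
```
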


