Re: HELP I am adding a third NIC and having problems
- From: "cbtc_it" <cbtcit@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 22 Sep 2005 10:11:16 -0700
Hi Jason,
I believe Phillip thinks that the VPN is one that you are hosting. The fact
that you are trying to connect for purposes of VPN is irrelevant. The simple
problem is connecting via a new NIC to an external (Internet) address of
170.209.0.xxx.
I would have some of the same questions as Phillip if I thought that you
were fielding a VPN request not initiating a connection.
Cheers,
Dave
--
**********************
Computers are incredibly fast, accurate, and stupid: humans are incredibly
slow, inaccurate and brilliant; together they are powerful beyond imagination.
--Albert Einstein
"Phillip Windell" wrote:
> "cbtc_it" <cbtcit@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:424F0DD0-6663-4F76-A5F7-AB6A2017DDF2@xxxxxxxxxxxxxxxx
> > The address 170.209.0.XXX is public it belongs to the Federal reserve the
> > require banks to connect via VPN to that public address for a new product
> to
> > do wire transfers and ASH billing/payments. most US banks use it. That
> > might put us in the .01%.
>
> No 170.209.0.0 is the IP that the "Tunnel" connects to,...it is not the IP#
> that the traffic inside the Tunnel uses. They are two different things. See
> the image at http://209.16.209.143/vpn.jpg (192.168.1.x is just an example
> for the image).
>
> > if it doesn't play nice with the ISA server we will be charged large sums
> of
> > money for thier inconvience. This is why the HW firewall, the VPN device,
> > and the ISA server are three different pieces of equipment.
>
> See the second image at http://209.16.209.143/vpn2.jpg
>
> You have not accounted for the IP Range used on the inside of the VPN
> Tunnel,...that is the one that is effected by routing. The IP Subnet used on
> the outside of the Tunnel cannot be the same as the IP Range used on the
> inside of the Tunnel. However *both* of the IP Ranges used need to be
> configured as Internal with the ISA. The IP Number of the Local VPN Device
> is the "gateway" in the Static Route. But the Network in the Static Route
> (first item listed on the commandline) is the target Destination
> Network,...which is ???.???.???.??? because you have never stated what that
> is. In the ISA config, both networks (170.209.0.0/16 and ???.???.???.???/??)
> must be configured as Local Networks,...if ISA is misconfigured to consider
> either one of them to be anything other than Internal it will fail.
>
>
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/ISA2004_AccessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
> http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
> -----------------------------------------------------
>
>
>
>
>
.
- References:
- HELP I am adding a third NIC and having problems
- From: cbtc_it
- RE: HELP I am adding a third NIC and having problems
- From: cbtc_it
- Re: HELP I am adding a third NIC and having problems
- From: cbtc_it
- HELP I am adding a third NIC and having problems
- Prev by Date: Re: HELP I am adding a third NIC and having problems
- Next by Date: Re: Using Watchguard Firebox X with ISA
- Previous by thread: Re: HELP I am adding a third NIC and having problems
- Next by thread: ISA 2004 logging on SQL 2005
- Index(es):
Relevant Pages
|
