Re: VNC to Remote Site
- From: Ripley <Ripley@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 28 Oct 2005 01:22:03 -0700
Phillip,
Thank you very, very much for your comprehensive reply! I'm very grateful
for you explaining things in so much detail.
Your assumptions are all absolutely spot on. Every one of them is exactly my
scenario. Apologies for not supplying this info initially.
I went into ISA Server 2004 and right clicked on "Internal". In here are the
addresses: 172.31.0.0 to 172.31.255.255 and 192.168.1.0 to 192.168.2.255.
I've no idea what the first range is all about, I just presumed it was
something to do with the SBS server itself. The second range is included
because the IP ranges of our networks is as follows:
Local LAN on which the ISA Server resides - 192.168.1.0 to 192.168.1.255
Remote Site LAN - 192.168.2.0 to 192.168.2.255
So are these settings correct in the "Internal" section do you think?
Also, your second suggestion about adding a route .... I did actually do
this when the remote site first when live. I can ping any device on the
remote site without a problem. I just can't seem to VNC any of them now.
Which is what made me think "Is ISA blocking the VNC port of 5900 maybe??".
Hope you can help further.
"Phillip Windell" wrote:
> "Ripley" <Ripley@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:A958533D-CFDE-469A-A710-B5A9210825D5@xxxxxxxxxxxxxxxx
> > Phillip,
> >
> > Thanks for your reply ... sorry, but in simple terms what do you mean
> > exactly??
>
> I'm afraid any explaination will only become more complex :-)
>
> Anyway, the only thing I really gathered was that you have a independent
> private connection to another "LAN" via using a device from BT Equipment.
> For everything else I am forced to make assumptions. So unfortunately I am
> making a *lot* of assumptions and I don't really like doing that. Here is
> what I have assumed:
>
> 1. The BT Equipment device is located on your LAN behind the ISA along with
> all your other machines.
> 2. The Device is used as the "Gateway" to get to the remote LAN
> 3. The Device either uses some kind of private connection like a Lease Line
> (T1, Frame Relay, etc). If not then it uses a Site-to-Site VPN link between
> itself and the Device on the other end.
>
> In any case, this creates the same "topology" as if you simply had two
> subnets on your LAN with a LAN Router between them with an ISA on the
> network "edge" of the first subnet. So the LAN Segment (Remote Site) on the
> opposite side of the Router (the BT Eqip devce) from the ISA needs to be
> treated just the same as the LAN Segment (your local LAN) that is between
> the LAN Router and the ISA.
>
> These two diagrams are really the same thing:
> 1. [Segment2]--<lan router>--[Segment1]--<ISA>--[Internet]
> 2. [Remote Site]--<BT Device>--[Segment1]--<ISA>--[Internet]
>
> So,...All LAN Segments are considered Local and Private and therefore must
> be included in the Internal Network Definition on ISA. If the ISA needs to
> communicate with the Remote Site ("yes" if it is the default gateway of your
> clients) then it will also need a Static Route added via a command prompt
> for the Remote Site.
>
> "Route add -p <remote site IP ID> mask<proper mask> <IP of BT Device>"
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/ISA2004_AccessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
> http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
> -----------------------------------------------------
>
>
>
>
.
- Prev by Date: Annonymous Access
- Next by Date: Supervision window
- Previous by thread: Annonymous Access
- Next by thread: Re: Stop 0x0f04dead after installing ISA server 2004
- Index(es):
Relevant Pages
|
Loading
