Re: weird gateway to gateway vpn issue

From: David P (dp_at_cways.co.uk)
Date: 08/27/04


Date: Fri, 27 Aug 2004 13:57:06 +0100

Nothing at all. Not a sniff of information!

Looks like an expensive call to Microsoft! Brand new install too... do I get
a free incident at all?
"Bruno GUERPILLON" <spam@gerpion.com> wrote in message
news:%23SBN5PDjEHA.356@tk2msftngp13.phx.gbl...
> David P wrote:
> || bruno,
> ||
> || each site has their own internal DNS and DHCP server. Each client at
> || each site is configured to connect to the local site ISA server.
> ||
> || As stated, works fine if the VPN link is broken, but then the VPN
> || link is automatically re-established and then the other site can no
> || longer connect to Web pages.
>
> Any info in the event viewer ?
>
>
>
> || "Bruno GUERPILLON" <spam@gerpion.com> wrote in message
> || news:OgyuOtCjEHA.644@tk2msftngp13.phx.gbl...
> ||| David P wrote:
> ||||| Bruno,
> |||||
> ||||| The only protocol rules I have on server A on site A is for HTTP
> ||||| allow. ( FTP, FTP Download Only,Gopher, HTTP,HTTPS) and a real
> ||||| player rule (PNM client, PNM Server, RTSP,RTSPServer) and I have
> ||||| the same for server B on site B.
> |||||
> ||||| I can get out to web sites only from one site. If I want to get to
> ||||| web sites from site B I have to disconnect the gateway to gateway
> ||||| VPN. Once disconnected the VPN re-establishes itself and users on
> ||||| site B can get out to the internet but users on site A then
> ||||| cannot !
> |||||
> |||
> ||| Weird is the exact word.
> ||| Do both sites have a DNS for internet name resolution?
> ||| Are clients configured to only use their ISA?
> ||| Is there any DHCP on the sites?
> |||
> ||| Bruno
> |||
> |||||
> ||||| "Bruno GUERPILLON" <spam@gerpion.com> wrote in message
> ||||| news:OFVPGsAjEHA.1048@tk2msftngp13.phx.gbl...
> ||||||
> |||||| "David P" <dp@cways.co.uk> wrote in message
> |||||| news:uA7gc33iEHA.3712@TK2MSFTNGP15.phx.gbl...
> ||||||| I have a weird issue.
> |||||||
> ||||||| Scenario is single Windows 2003 domain with 2 sites. each site
> ||||||| has a domain controller that connects over the internet through
> ||||||| RRAS dial on demand gateway to gateway vpn links. Both sites
> ||||||| are part of the same windows 2003
> ||||||| domain and replication works fine between remote and hub domain
> ||||||| controllers.
> |||||||
> ||||||| Each VPN gateway at each site is running ISA 2000 SP2.
> |||||||
> ||||||| The VPNs work fine and I can access resources on the remote
> ||||||| sites. The issue I am having is that only one site can connect
> ||||||| to the internet through their local ISA server at any one time.
> |||||||
> ||||||| If I am on site A and the gateway to gateway is up only site B
> ||||||| can connect
> ||||||| to the internet through ISA. If I disconnect the VPN gateway on
> ||||||| site A. site A can then connect to the internet through ISA but
> ||||||| site B then cannot connect to the internet through ISA and so on
> ||||||| !!!!! The gateway to gateway
> ||||||| vpn is a persistent connection too.
> |||||||
> ||||||| I can resolve web sites to IP addresses on the local ISA
> ||||||| servers no problem at all times.
> |||||||
> ||||||| What am I doing wrong ??? I have to implement another 2
> ||||||| additional sites next week so would like this bottomed.
> |||||||
> ||||||| Thanks in anticipation
> |||||||
> |||||||
> ||||||
> |||||| Hi David
> ||||||
> |||||| How are your protocol rules defined on each ISA?
> ||||||
> |||||| Regards
> ||||||
> |||||| Bruno GUERPILLON
>
>


