Re: weird gateway to gateway vpn issue

From: Bruno GUERPILLON (spam_at_gerpion.com)
Date: 08/27/04

  • Next message: jaime: "urge" 
    Date: Fri, 27 Aug 2004 15:04:26 +0200

    David P wrote:
    || nothing at all. not a sniff of information!
    ||
    || looks like an expensive call to microsoft! brand new install too...
    || do I get a free incident at all ?

    Could you give more infos about the ISA Nics config ?
    Regards

    || "Bruno GUERPILLON" <spam@gerpion.com> wrote in message
    || news:%23SBN5PDjEHA.356@tk2msftngp13.phx.gbl...
    ||| David P wrote:
    ||||| bruno,
    |||||
    ||||| each site has their own internal DNS and DHCP server. Each client
    ||||| at each site is configured to connect to the local site ISA
    ||||| server.
    |||||
    ||||| As stated, works fine if the vpn link is broken. but then the vpn
    ||||| link is automatically re-established and then the other site can
    ||||| no longer connect to Web pages.
    |||
    ||| Any info in the event viewer ?
    |||
    |||
    |||
    ||||| "Bruno GUERPILLON" <spam@gerpion.com> wrote in message
    ||||| news:OgyuOtCjEHA.644@tk2msftngp13.phx.gbl...
    |||||| David P wrote:
    |||||||| Bruno,
    ||||||||
    |||||||| The only protocol rules I have on server A on site A is for
    |||||||| HTTP allow. ( FTP, FTP Download Only,Gopher, HTTP,HTTPS) and a
    |||||||| real player rule (PNM client, PNM Server, RTSP,RTSPServer) and
    |||||||| I have the same for server B on site B.
    ||||||||
    |||||||| I can get out to web sites only from one site, If i want to
    |||||||| get to web sites from site B I have to disconnect the gateway
    |||||||| to gateway VPN. Once disconnected the VPN re-establishes
    |||||||| itself and users on site B can get out to the internet but
    |||||||| users on site A then cannot !
    ||||||||
    ||||||
    |||||| Weird is the exact word.
    |||||| Does both site got a DNS for internet name resolution ?
    |||||| Does clients configured to only use their ISA ?
    |||||| Is there any DHCP on the sites ?
    ||||||
    |||||| Bruno
    ||||||
    ||||||||
    |||||||| "Bruno GUERPILLON" <spam@gerpion.com> wrote in message
    |||||||| news:OFVPGsAjEHA.1048@tk2msftngp13.phx.gbl...
    |||||||||
    ||||||||| "David P" <dp@cways.co.uk> a écrit dans le message de
    ||||||||| news:uA7gc33iEHA.3712@TK2MSFTNGP15.phx.gbl...
    |||||||||| I have a weird issue.
    ||||||||||
    |||||||||| Scenario is single Windows 2003 domain with 2 sites. each
    |||||||||| site has a domain controller that connects over the internet
    |||||||||| through RRAS dial on demand gateway to gateway vpn links.
    |||||||||| Both sites are part of the same windows 2003
    |||||||||| domain and replication works fine between remote and hub
    |||||||||| domain controllers.
    ||||||||||
    |||||||||| Each VPN gateway at each site is running ISA 2000 SP2.
    ||||||||||
    |||||||||| The vpn's work fine and I can access resources on the remote
    |||||||||| sites. The issue I am having is that only one site can
    |||||||||| connect to the internet through their local ISA server at
    |||||||||| any one time.
    ||||||||||
    |||||||||| If I am on site A and the gateway to gateway is up only site
    |||||||||| B can connect
    |||||||||| to the internet through ISA. If I disconnect the VPN gateway
    |||||||||| on site A. site A can then connect to the internet through
    |||||||||| ISA but site B then cannot connect to the internet through
    |||||||||| ISA and so on !!!!! The gateway to gateway
    |||||||||| vpn is a persistent connection too.
    ||||||||||
    |||||||||| I can resolve web sites to IP address's on the local ISA
    |||||||||| server's no problem at all times.
    ||||||||||
    |||||||||| What am I doing wrong ??? I have to implement another 2
    |||||||||| additional sites next week so would like this bottomed.
    ||||||||||
    |||||||||| Thanks in anticipation
    ||||||||||
    ||||||||||
    |||||||||
    ||||||||| Hi David
    |||||||||
    ||||||||| How are defined your protocols rules on each ISA ?
    |||||||||
    ||||||||| Regards
    |||||||||
    ||||||||| Bruno GUERPILLON

  • Next message: jaime: "urge"

    Relevant Pages

    • RE: Configuring ISA 2004 for outbound MS VPN access
      ... internal users to connect to an external VPN server through Microsoft ... Internet Security and Acceleration (ISA) Server 2004. ... remote VPN network is not in the local ISA server's LAT (for ISA 2004, ... Joining Networks over the Internet with a Gateway to Gateway VPN: ...
      (microsoft.public.windows.server.sbs)
    • Re: weird gateway to gateway vpn issue
      ... but then the vpn ... web sites from site B I have to disconnect the gateway to gateway ... has a domain controller that connects over the internet through ... to the internet through their local ISA server at any one time. ...
      (microsoft.public.isa.vpn)
    • Re: Coexistence and routing of two internet feeds
      ... this is a routing problem that RRAS should be able to ... will just use one gateway, and only switch if that goes down. ... for a VPN link because you know exactly what traffic needs to go over the ... > routing table point all internet traffic to the VSAT and VPN goes to DSL. ...
      (microsoft.public.win2000.ras_routing)
    • Re: Weird site to site issue... ?
      ... set to point out to the Internet. ... The only real change should be that each VPN server now has a route ... > gateway to gateway vpn links. ... > through their local ISA server at any one time. ...
      (microsoft.public.win2000.ras_routing)
    • Re: Site2Site VPN - Web page requests returns FWX_E_TERMINATING
      ... You have to separate in you mind the concept of the VPN -vs- the Internet ... Internet Locations and it will *blindly* send them to the proxy if IE ... Understanding the ISA 2004 Access Rule Processing ...
      (microsoft.public.isa.vpn)
    Loading