Re: ISA 2004 site-to-site vpn L2TP/IPSEC not passing traffic
From: Phillip Windell (_at_.)
Date: 01/10/05
- Next message: Ron: "WindowsXP Pro vpn?"
- Previous message: Daphne Levy [MSFT]: "Re: Pix - Pix Tunnel and ISA2004"
- In reply to: zizoux: "ISA 2004 site-to-site vpn L2TP/IPSEC not passing traffic"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 10 Jan 2005 13:49:15 -0600
"zizoux" <ziad.kilany@gmail.com> wrote in message
news:30321e678c4c72b3b1e2b957997c11c5@localhost.talkaboutsoftware.com...
> I have established a site-to-site vpn using 2 ISA 2004 (L2TP/IPSEC). The
> problem is that I can Access the second branch from the isa server itself
> but if I try to access the second branch from any another pc on my network
> it fails.
> e.g.: If I try to ping or use a dns server on the main branch I get in the
> logging: Denied.
>
> My scenario is that I'm trying to install a child domain in a remote site.
> I'm connecting the two sites with my ISA servers 2004. I want to allow all
> traffic from both sites. I have different private IPs and different real
> IPs.
> ISA server Main brach:
> NIC1: 192.168.10.240
> NIC2: <Real IP#1>
> ISA server child branch:
> NIC1: 192.168.12.240
> NIC2: <Real IP#2>
> I have tried to tracert a pc on the main branch but it failed also.
> Help needed.
> Thanks in advanced.
Both ISA's need to interpret both networks as "internal". The "Real IP" is
not even part of this problem,..it is totally irrelevant. Both 192.168.10.0
and 192.168.12.0 must not be interpreted as "external" by either ISA.
The routing scheme of the LAN comes into play. How you have the Default
Gateways rigged up and what they do is key to this.
-- Phillip Windell [MCP, MVP, CCNA] www.wandtv.com
- Next message: Ron: "WindowsXP Pro vpn?"
- Previous message: Daphne Levy [MSFT]: "Re: Pix - Pix Tunnel and ISA2004"
- In reply to: zizoux: "ISA 2004 site-to-site vpn L2TP/IPSEC not passing traffic"
- Messages sorted by: [ date ] [ thread ]
