RE: VPN Connects, but no Internal IP or network resources.

Well, I'm not certain that it's an OS problem, but the thing we have in
common is that we're both using W2K3, SP1. We're using entirely different
versions of ISA yet seem to be having (almost) the same trouble. As I said,
I never had this trouble with ISA 2000 on a W2K box. (I wish I had
experience with ISA 2004 on a W2K box, but I don't.) All that makes me guess
that it's an access problem with the OS due to permissions or something.

I just noticed in this post though, that you can't even ping the other
machines. I can ping but I can't search for a computer or use a UNC path or
search AD, etc.

After you ping a machine, look at the arp cache by typing "arp -a" at a
Command Prompt. Do you see the entry that maps the MAC address with the IP
address that you pinged? If you do, then it may indicate that the problem is
an access issue rather than connectivity.

My ISA server is going to be down until I rebuild it, so I can't even do any
troubleshooting for now.

Good luck.

"Scott" wrote:

> Charlie,
> I am still able to get connected.. However, I am unable to ping either
> by name or IP. I do have SP1 on the W2k3 box. Also, I have all the ISA
> updates that I am aware of.
> Just out of couristy, how are you looking at it as if it is an OS problem?
> I dont see it as such. Please fill me in.
>
> Also, I have only posted it to this forum.
>
> Thank you . All replies welcome.
>
> Scott
> "Charlie" wrote:
>
> > Scott, thanks for the post.
> > Coincidentally I was going to post nearly the same problem, but now I have a
> > much bigger one, which I won't get into here. (I'm probably going to end up
> > reinstalling from scratch.)
> >
> > The only difference with my problem is that I'm using ISA 2004 on Windows
> > 2003. I had no trouble making the connection with either L2TP or PPTP and I
> > can ping any computer on the remote network by name or IP address, but I
> > can't connect to any resources. It's not name resolution that's the culprit
> > because I can't connect by IP address either. (Like I said, I can ping by
> > DNS name OK.) The reason I'm glad that you posted is because you are leading
> > me to believe that the problem is the OS version, not the ISA version. I
> > have done the same using Windows 2000 and ISA 2000 with no similar problems
> > whatsoever.
> > I have SP1 installed on the W2K3 box, do you?
> >
> > I looked through here yesterday for posts describing this problem and I
> > didn't find anything, which surprised me; another reason I'm glad to hear
> > from someone else.
> >
> > Have you posted this separately?
> >
> > Cheers.
> >
> > "Scott" wrote:
> >
> > > Charlie and Rolfs00,
> > >
> > > I have a W2k3 server with ISA2000. I was having the same problem of not
> > > getting any internal IP addresses unless I set up a static IP address field.
> > > Charlie is correct in that manner that you will have to choose the Internal
> > > adaper to look for the DHCP server.
> > >
> > > Now the problem I am still having is that once I get connected I still
> > > cannot browse the network or get access to any resources. Most of the
> > > documentation I have found deals with connecting and getting connected with
> > > client to server or server to server. I havent found much on getting
> > > connected but unable to use network resources.
> > >
> > > If anyone has any ideas, please let me know.
> > >
> > > Any and all help is welcome.. :) Thank you.
> > >
> > > Scott
> > >
> > > "Charlie" wrote:
> > >
> > > > Most likely you are also getting Event Log messages that say the RRAS server
> > > > (or ISA) can't contact a DHCP server.
> > > > Sorry to be vague about this, but I don't have access to an ISA 2004 or
> > > > Win2003 box at the moment.
> > > > Generally when I have had this problem in the past, it's because the RRAS
> > > > server is trying to contact a DHCP server on the external interface.
> > > > Even though you are using ISA, you might want to check this in the RRAS
> > > > properties:
> > > > Right click on the Server and go to Properties and the IP tab. At the
> > > > bottom where it says "Use the following adapter to obtain DHCP.....", make
> > > > sure Local Area Connection is chosen. Keep in mind that I am looking at W2K
> > > > RRAS, so I might be completely off with the interface that you will see in
> > > > W2K3 (I assume). But generally, I think this is the direction you need to go
> > > > to fix the problem. (The setting may be on the ISA server in the case of ISA
> > > > 2004.)
> > > >
> > > > "rolfs00" wrote:
> > > >
> > > > > Hi!
> > > > >
> > > > > I am having a heck of a time getting VPN to work. I have followed the guides
> > > > > posted here and at MS. I have also read the forum, searched the MS site, and
> > > > > bought the Configuring ISA Server 2004 book to no avail. My problem, I am
> > > > > afraid, is very simple but I am too dumb to figure it out. Here is what
> > > > > happens:
> > > > >
> > > > > 1) I can connect via PPTP to the ISA Server, no problem. On the Details tab
> > > > > of the Connection icon in the system tray, it matches the screenshots posted
> > > > > here and elsewhere -- which signify a successful connection.
> > > > >
> > > > > 2) I cannot get an internal IP (192.168.1.X) to save my life (unless I do it
> > > > > through a statically assigned address pool). I only get a 169.254.X.X address.
> > > > >
> > > > > 3) I also cannot ping any internal network resources including the server
> > > > > (either its internal or external NIC). They cannot ping me either.
> > > > >
> > > > > 4) The server is called "Server" and then I do Start -- Run -- "\\Server", I
> > > > > get a message that says it is not found.
> > > > >
> > > > > 5) I also cannot browse for network resources.
> > > > >
> > > > > I have set up the DHCP scope to go from 192.168.1.0 - 192.168.1.254. I have
> > > > > set up the internal network to go from 192.168.1.1 - 192.168.1.99. I have
> > > > > also set up exclusions for external NIC (192.168.10.100) and the internal NIC
> > > > > (192.168.1.50).
> > > > >
> > > > > The client computer is running Win XP Pro SP2.
> > > > >
> > > > > I have no idea if this makes a difference, but when (under ISA Server) I go
> > > > > to Configuration - Networks - Double Click on Interal (which shows the
> > > > > 192.168.1.0 - 192.168.1.255), select Addresses, then Add Adapter, I notice 2
> > > > > things:
> > > > >
> > > > > 1) There is a "new" RAS Server (Dial-in) Interface. It states in the info
> > > > > box beneath it:
> > > > >
> > > > > Name: WAN (PPP/SLIP) Interface
> > > > > IP Addresses: 169.254.45.252
> > > > > Route Information: 169.254.45.252 - 169.254.45.25
> > > > >
> > > > > 2) On the external NIC, it states:
> > > > > Name: U.S. Robotics 10/100 PCI NIC TX - Packet Scheduler Miniport
> > > > > IP Addresses: 192.168.10.100
> > > > > Route Information:
> > > > > 0.0.0.1 - 126.255.255.255,
> > > > > 128.0.0.0 - 169.254.45.251,
> > > > > 169.254.45.253 - 192.168.0.255,
> > > > > 192.168.2.0 - 223.255.255.255,
> > > > > 240.0.0.0 - 255.255.255.254
> > > > >
> > > > > PLEASE PLEASE PLEASE HELP ME. At this point, I about to start forcing my
> > > > > users to use carrier pidgeons for remote access.
> > > > >
> > > > > Cheers,
> > > > > rolf
.

Relevant Pages

  • Re: HTTP trouble in 2004
    ... > understand is why can't I ping the public address of the DC. ... >> separating the DC role from the ISA Server role. ... >>>I appear to be an ISA dummy and have a small problem. ... My nics are setup with teh DC being the DNS server and my IE ...
    (microsoft.public.isaserver)
  • Re: Valid scenario for ISA 2004 Site to Site Deployment?
    ... Right - I understand your point regarding ping. ... rule setup so the corpnet can talk to the hosted server w/o any problems. ... So - back to the original question, would this be a valid scenario for ISA ...
    (microsoft.public.isa.configuration)
  • Re: Unable to PING a single host from ISA 2006 Server
    ... ping works. ... Q1 - have you done due diligence regarding the NIC drivers on the ISA? ... I would agree if my captures showed traffic leaving my ISA server and ... When I PING other host on same VLAN as ISA and F5, ...
    (microsoft.public.isa)
  • Re: Unable to PING a single host from ISA 2006 Server
    ... request and Ping reply come in and out of the internal interface that is on ... Q1 - have you done due diligence regarding the NIC drivers on the ISA? ... I would agree if my captures showed traffic leaving my ISA server and ... When I PING other host on same VLAN as ISA and F5, ...
    (microsoft.public.isa)
  • Re: NAT question
    ... server running Windows Server 2003, Exchange, and ISA. ... ISA as another layer of defense so the server is multihomed. ... Really bad to depend on windows for network connectivity. ... You still need to get public traffic to the exchange server ...
    (comp.dcom.sys.cisco)