Re: Site to Site works one way!
- From: "Ken F" <TechAdmin@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 22 Aug 2006 21:14:20 -0400
For future searchers on this issue......resolution of the problem was to add
the SBS WAN network as a Destination Set in the VPN configuration.....for
example, if the network behind your SBS is 192.168.16.0/24 and the VPN
Gateway is at 200.200.200.200, then the destination set would include both
192.168.1.0 255.255.255.0
and
200.200.200.200 255.255.255.255
"Ken F" <TechAdmin@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23d$XLKZxGHA.1808@xxxxxxxxxxxxxxxxxxxxxxx
Have you found a solution to this issue yet? I am having the same issue
with a new SonicWall TZ170 site-to-site......I am able to see remote
network resources from hosts behind ISA, but not from ISA itself.......my
branch office can also reach resources behind ISA..I have spent nearly 3
full days and lots of suport time trying to resolve this....here is an
article I came across that refers to D-Link VPN's
http://www.isaserver.org/articles/2004isadlink.html
"David Lozzi" <dlozzi@xxxxxxxxxxxxx> wrote in message
news:%23Wc%23YqMtGHA.372@xxxxxxxxxxxxxxxxxxxxxxx
Howdy,
Here's my scenario:
sbs2003pre w/ isa 2004 -- dlink router -- internet -- dlink router --
win2003 w/ isa 2004
Both servers are in the DMZ of each router. The dlinks are there because
these ISA networks are secondary networks. I followed the following link
to
setup the VPN between the two servers:
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/sitetositevpn.mspx
In addition, i added two firewall polices to each ISA box: From remote
network to internal and local and from internal and local to remote
network,
all protocols. The remote sites are setup as follows:
Address range: internal of each. both different ips (10.0.25.0 and
192.168.7.0)
Each has the external IP address of the other server specified. The ISP's
IP.
Local VPN Gateway IP Address specifies the external ip of isa
(192.168.1.20
and 10.7.7.150 respectively)
IPSEC Settings (from top to bottom)
Phase I tab
3DES
MD5
Group 2
28800
Phase II Tab
3DES
MD5
Generate key every 3600 seconds
Use PFS is checked
Group 2
Authentication is pre-shared key, both the same key
This was working great for quite some time. I went on vacation, came back
and now my remote server is not seeing the SBS server. When i ping the
SBS from the remote server I get Negotiating Security repeatedly. If I
ping the remote server from SBS I get a reply. If I ping the SBS server
from a workstation on the remote network, I will get a few time outs and
a few replies. Its very sporatic. My workstation has Outlook 2003 to
connect to the SBS server and it keeps losing and restoring connections.
I've rebooted the workstation and remote server and restarted ISA Control
service on the SBS server. If I turn on monitoring in ISA on the remote
server and try to access resources on the SBS server from my workstation,
it shows the traffic as initiated and closed, no denies...
Any ideas or suggestions?
--
David Lozzi
dlozzi@(remove)delphi-ts.com
www.delphi-ts.com
.
- References:
- Site to Site works one way!
- From: David Lozzi
- Re: Site to Site works one way!
- From: Ken F
- Site to Site works one way!
- Prev by Date: Re: VPN Newbie
- Next by Date: Causing TS Session Timeout?
- Previous by thread: Re: Site to Site works one way!
- Next by thread: VPN session timeout- ISA 2004
- Index(es):
Relevant Pages
|
Loading
