Re: site to site connection
- From: Nuno Santos <NunoSantos@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 2 May 2007 14:39:02 -0700
Philip
1-You are right, the VPN connection is provided by a provider and completely
configured by them.
2-the scheme is:
headquarter, 10.0.0.X mask 255.255.255.0
where 10.0.0.1 is the active directory and ISA server, this server has two
network cards, 10.0.0.1 and 192.168.100.10
The router that is connected to the HQ is 192.168.100.2
Then I have 5 branches:
10.0.2.X mask 255.255.255.0 (router 10.0.2.2)
10.0.4.X mask 255.255.255.0 (router 10.0.4.2)
10.0.5.X mask 255.255.255.0 (router 10.0.5.2)
10.0.6.X mask 255.255.255.0 (router 10.0.6.2)
10.0.7.X mask 255.255.255.0 (router 10.0.7.2)
I can make a remote desktop connection to the ISA server from the branches,
and vice versa.
But from within the headquarter I can't access the branches.
I have a company (outsourcing) to configure the ISA server but they are
saying that IP scheme does not work.
If possible tell me if this IP scheme works fine?
"Phillip Windell" wrote:
"Nuno Santos" <NunoSantos@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message.
news:89990A38-2CB7-4F6E-B3A5-13E7867D28DE@xxxxxxxxxxxxxxxx
I can ping the branches from the server where I have the ISA server,
SBS2000, domain controller and ISA server.
I can't ping from the network clients.
Is there any tool that I can use to see where the problem is.
The operator is saying that the VPN is flawless, but I still think that it is a
routing problem, in the router that provides the access to the HQ.
The branches can ping the ISA external network card (192.168.100.10), but
That is a waste of time. The external card has nothing to do with anything.
can't ping any of the network clients, 10.0.0.X.
Which rules must I activate to allow access to the internal network based on IP?
First, forget ping. Ping means nothing. Ping only verifies that ping
works,...it does not verify anything else. Other traffic can work fine even if
ping does not.
Second, what do you mean by "VPN site to site provided by our telecommunication
provider"? What does that have to do with ISA?
If you cannot describe the situation clearly, then there is nothing anyone can
do to help.
Now, I am going to take some guesses here:
Guess #1. The VPN is provided by a hardware device from the provider that has
nothing to do with ISA.
Guess #2. The problem is the LAN Routing scheme is incorrect.
Here is how it should be in that case:
1. On the ISA include all the IP ranges for all sites and all of HQ in the
Internal Network Definition.
2. The ISA needs a Static Route(s) in the OS's Routing Table that tells the ISA
to use the Local VPN Device as the "path" to all the LAN/WAN subnets.
3. The VPN Device needs to be the Default Gateway of all the Hosts on the LAN
4. The VPN Device uses the ISA as its Default Gateway.
5. The VPN Device must have all the routes (static or dynamic) and be aware of
how to get to all the LAN/WAN subnets. This should have been done when the VPN
was first set up.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
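
An added example, not part of either post: a quick consistency check of the address plan listed above, plus the static routes from step 2 written as Windows `route` commands. It assumes a /24 mask on the 192.168.100.x segment and that the HQ router 192.168.100.2 is the next hop toward the branches; neither is stated in the thread, and the check says nothing about the provider's own routing.

```python
import ipaddress as ip

# Values from the post; the /24 on 192.168.100.x is an assumption (no mask is given).
HQ = ip.ip_network("10.0.0.0/24")
ISA_EXTERNAL = ip.ip_interface("192.168.100.10/24")
HQ_ROUTER = ip.ip_address("192.168.100.2")  # assumed next hop toward the branches
BRANCHES = {  # branch subnet -> branch router, as listed in the post
    "10.0.2.0/24": "10.0.2.2",
    "10.0.4.0/24": "10.0.4.2",
    "10.0.5.0/24": "10.0.5.2",
    "10.0.6.0/24": "10.0.6.2",
    "10.0.7.0/24": "10.0.7.2",
}

def check_plan(hq, branches):
    """Return plan problems: overlapping subnets or a router outside its subnet."""
    problems = []
    nets = [hq] + [ip.ip_network(n) for n in branches]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    for net, router in branches.items():
        if ip.ip_address(router) not in ip.ip_network(net):
            problems.append(f"router {router} is not inside {net}")
    return problems

def static_routes(branches, next_hop, out_if):
    """One persistent Windows route per branch subnet; the next hop must be on-link."""
    if next_hop not in out_if.network:
        raise ValueError(f"{next_hop} is not directly reachable from {out_if}")
    return [f"route -p add {n.network_address} mask {n.netmask} {next_hop}"
            for n in map(ip.ip_network, branches)]

def next_hop_for(dest, table):
    """Longest-prefix match over (network, gateway) pairs; None if nothing matches."""
    addr = ip.ip_address(dest)
    hits = [(ip.ip_network(n), gw) for n, gw in table if addr in ip.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

if __name__ == "__main__":
    print(check_plan(HQ, BRANCHES) or "address plan is consistent")
    print("\n".join(static_routes(BRANCHES, HQ_ROUTER, ISA_EXTERNAL)))
    # A host whose table has only its own subnet has no path to a branch address.
    print(next_hop_for("10.0.2.5", [("10.0.0.0/24", "on-link")]))
```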