IPsec (Tunnel) VPN seems to form but I can't connect from either si



Hi peeps, I have used the wizard to create my VPN, which seemed very simple.

It's created the networks and the firewall policy to allow access from
internal to the network on the other side of the VPN (set to route). I can
see the handshake on the VPN in the US (Dallas); phase II completes fine. But
once the connection is made I can't ping or connect to any of the computers in
the US... I can see traffic from the US arriving on the ISA server by putting
the filter on with the source network set to Dallas. But anything I send from
the ISA server to the US is not arriving.

Do I need to set up any other rules or static routes? I have tried
everything I can think of and nothing works :(

Hope someone can help!!!!


Here are the settings (Hope this is enough)...

Local Tunnel Endpoint: 213.106.224.***

Remote Tunnel Endpoint: 209.19.4.***

To allow HTTP proxy or NAT traffic to the remote site,
the remote site configuration must contain the local
site tunnel end-point IP address.

IKE Phase I Parameters:
Mode: Main mode
Encryption: 3DES
Integrity: SHA1
Diffie-Hellman group: Group 2 (1024 bit)
Authentication Method: Pre-shared secret (*******************)
Security Association Lifetime: 28800 seconds

IKE Phase II Parameters:
Mode: ESP tunnel mode
Encryption: 3DES
Integrity: SHA1
Perfect Forward Secrecy: ON
Diffie-Hellman group: Group 2 (1024 bit)
Time Rekeying: ON
Security Association Lifetime: 3600 seconds
Kbyte Rekeying: OFF

Remote Network 'Dallas' IP Subnets:
Subnet: 192.168.113.0/255.255.255.0

Local Network 'Internal' IP Subnets:
Subnet: 192.168.111.0/255.255.255.0

Routable Local IP Addresses:
Subnet: 192.168.111.0/255.255.255.0


------- The Networks as they are in the Networks window...
Dallas - 192.168.113.0 - 192.168.113.255
Internal 192.168.111.0 - 192.168.111.255

------ The Network Rules....
Dallas to Internal Network - Route - Dallas - Internal

------ Firewall Rules.....
Dallas and Internal
Allow
All Outbound Traffic
From : Dallas + Internal
To : Dallas + Internal

System Rule : Allow VPN site-to-site traffic to ISA Server
Allow
IKE Client + IKE Server + IPsec ESP Server + IPSec ESP + IPsec NAT-T Client
+ IPsec NAT-T Server
From : External + IPsec Remote Gateways
To : Local Host

System Rule : Allow VPN site-to-site traffic from ISA Server
Allow
IKE Client + IKE Server + IPsec ESP Server + IPSec ESP + IPsec NAT-T Client
+ IPsec NAT-T Server
From : Local Host
To : External + IPsec Remote Gateways

