Re: Outgoing VPN Error 619

I only beat you when you ask me to; it's part of our "special
relationship"... :-p

The remote subnet being identical to the LAT subnet is most certainly a
problem, but is not relevant to the question of spoofing, misconfiguration
alerts or initial connection failure.
- Spoofing alerts are received when traffic is received from a source IP
which deviates from the address ranges associated with that network. If you
assign VPN clients the same address range as that assigned to your LAT, ISA
will (rightly) cry foul.
- misconfiguration alerts arise from assigning IP addresses to multiple
networks (among other things); "stealing" from the LAT for the VPN network
without actually changing the LAT network (includes actually changing that
network ) creates an overlap
- if you're seeing no problems with your configuration, it's because either
you've disabled the alerts or are not paying them any attention (or not
using ISA 2004 or 2006)

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message
news:ebCjCHJpIHA.4292@xxxxxxxxxxxxxxxxxxxxxxx
"Jim Harrison (ISA SE)" <jmharr@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:78600091-3E54-48E4-B3A5-494F0501CC6F@xxxxxxxxxxxxxxxx
Inbound VPN problem:
You cannot use the same subnet as the LAT.
You MUST use a separate subnet.
There is no option.

Can I ask you to clairify something,...without taking a beating for it,
anyway?

The "same subnet" you mention above,...Are you describing the orignal subnet
the VPN client lives in? Like when a home user is on 192.168.0.x and so is
the business, therefore the user cannot VPN in. Or are you refering to the
VPN client receiving an IP# when they connect that is the same subnet as the
ISA's internal nic. Like when using the same DHCP Scope for both the LAN
and the VPN Clients, that I think was mentioned earlier in the thread.

I am doing the latter and am having no problems.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


.

Relevant Pages

  • Re: One more VPN client problem! Please help!
    ... If it is possible change your network to different subnet and also allocate ... IP addresses from the same subnet to VPN clients. ...
    (microsoft.public.win2000.ras_routing)
  • Re: VPN Routing Table
    ... What you're experiencing are communication problems, not connection ... from the VPN clients network into the internal network. ... > Tunneling Protocol connection to a network whose subnet ...
    (microsoft.public.isa.vpn)
  • Re: One more VPN client problem! Please help!
    ... > IP addresses from the same subnet to VPN clients. ... >> browse our network. ... I can allocate the IP addresses for VPN client from ...
    (microsoft.public.win2000.ras_routing)
  • RE: configuration question - SQL through ISA
    ... You would have to modify your LAT manually so that the New External Subnet ... Also you internet network cards should not have Default ... >>not anywhere in your internal network. ...
    (microsoft.public.isa.configuration)
  • Re: New to RRAS for Routing
    ... I have added the new subnet to the LAT on the Proxy ... the LAN is the whole collection of local Networks. ...
    (microsoft.public.windows.server.networking)
Loading