Re: Outgoing VPN Error 619

"Jim Harrison (ISA SE)" <jmharr@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:8D2EF7C2-BDCE-43CF-B29F-5BE8D75945DB@xxxxxxxxxxxxxxxx
I only beat you when you ask me to; it's part of our "special
relationship"... :-p

Fair enough :-)

"stealing" from the LAT for the VPN network
without actually changing the LAT network (includes actually changing that
network ) creates an overlap

That's what I was thinking of and is what I do with my VPN Clients. I'm not
having any trouble in the sense that it "works." I had expected to get the
spooing alerts although there is none listed at the moment related to VPN
Clients. So yes,..I just treated the alerts as "safe to ignore".

Ok, to make sure I understand the process...

So if I understand Tom's description of the VPN Clients Network near the
beginning of the article
(http://www.isaserver.org/tutorials/Enabling-Remote-Access-VPN-Clients-Access-Branch-Office-Site-to-Site-VPN.html)
correctly, ISA will dynamically move an IP# from the Internal into the VPN
Clients Network when a connection is made,..but during that brief amount of
time, before it completes, a spoofing alert is triggered. When the VPN
Client is done and disconnects the process is dynamically reversed.

Coupling that with what you are saying, if an admin makes sure that the IP#
a VPN Client receives is already not in the Internal Network definition (or
any other network def) then the ISA dynamically adds it to the VPN Clients
Network when needed and there is no spoofing alert generated.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


.

Relevant Pages

  • RE: DHCP and VPN
    ... in this range means that the computer cannot see the network. ... A computer using DHCP needs to have an external server tell it what IP ... I think the VPN clients unable get IP from DHCP on SBS. ...
    (microsoft.public.windows.server.sbs)
  • RE: VPN connection drops traffic on all interfaces
    ... I had the same error message, even so I had a lot fewer NICs on my server;) ... My problem was slightly different as my VPN clients were given addresses by ... but can access only a single internal network - 192.168.4.0. ... > "The routing table for network adapter Internal includes IP address ranges ...
    (microsoft.public.isa.vpn)
  • RE: VPN Issue-Cannot access any resources when connected
    ... Your vpn clients are trated like strangers, whom you may have let into the ... > I have a few ISA questions hoping you all can help with. ... > crossover to the pix dmz interface and another nic to the local area network. ...
    (microsoft.public.isa.vpn)
  • Re: PIX NAT Exclusion
    ... In fact folks forget about the vpn clients, ... If I try to ping from the 192.168.10.0 network to the 192.168.0.0 ... then it works all the time on all of the servers and pc's. ...
    (comp.dcom.sys.cisco)
  • Re: One more VPN client problem! Please help!
    ... If it is possible change your network to different subnet and also allocate ... IP addresses from the same subnet to VPN clients. ...
    (microsoft.public.win2000.ras_routing)
Loading