ISA 2006 - D-Link DFL-210 site-to-site VPN loses packets
- From: jgb <jgb@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 27 Aug 2008 03:37:01 -0700
I have the following setup:
Main site: ISA Server 2006 SP1 on Windows Server 2003 R2 SP2. Two AD domain
controllers (on other machines).
Remote site: D-Link DFL-210 (F/W: 2.20). No servers, just two Vista SP1
laptops and a network printer.
I have set up an IPSec site-to-site VPN-tunnel using a PSK and mostly it
works alright. I can ping systems in both directions and I can access
intranet websites.
I can also log in to the Windows domain from the laptops at the remote site.
But access to resources (files, CRM-system, SQL-server and so on) is slower
than I had expected and sometimes the users lose the access rights to some of
the systems.
In the ISA log I get a lot of FWX_E_TCP_NOT_SYN_PACKET_DROPPED errors for
packets sent from laptops at the remote site to servers at the main site.
NetMon also shows a lot of "ICMP: Time Exceeded Message" messages from the
servers to the laptop.
In ISA 2006 the network object for the remote site includes the IP-range for
that subnet and also the external interface address for the DFL-210. There
are two network rules set up that route traffic from "Remote net" to
"Internal" and from "Internal" to "Remote net" (the latter is for me to be
able to remotely access the systems at the remote site).
Obviously something is wrong since ISA finds a lot of packets that it can't
match to an open session, but I can't figure out what the problem is. Anyone
got an idea?