ISA 2006 site to site VPN with branch RAS Win2003 server

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

---

• From: "Peter De Tender" <peter.detender@xxxxxxxxx>
• Date: Fri, 21 Nov 2008 11:18:10 +0100

---

Hello,

I have the following setup:

Main Site - ISA 2006 behind an SDSL Cisco router. ISA is firewall, proxy, reverse proxy and VPN dial-in server. PPTP vpn connection for home users is working correctly. IP-addresses for VPN are handed out using DHCP from a DC on the LAN.

Remote Site - Win2003 Server behind an ADSL modem (ISP).
PC's on the remote site use the Win2003 Server as gateway, and they can reach the Main Site network servers.

I configured a VPN PPTP connection from within the Remote site's Routing & Remote Access service, which connects me correctly to the Main Site. When doing an IP-config on this remote site server, I get 3 connections:

a) Ethernet LAN connection : 192.168.1.3
b) PPP Ras Adapter (Dial-in) : 0.0.0.0
c) PPP adapter <VPNName> : 192.168.22.45 (dhcp received from the main site)

I have following questions regarding this setup:

a) is PPTP the correct way for configuring Site-To-Site VPN tunnels?
b) is RRAS the correct service for this connection, or is it advisable to configure a VPN dial-up router in the network for this?
c) how come the PPP Ras Adapter (Dial-In) has 0.0.0.0 as IP-address
d) If a laptop user dials in to the Main Site ISA Server, he can not reach the machines on the remote site; in ISA, the appropriate rules are defined to allow this traffic. When doing a tracert from the laptop, he cannot recognize the remote office.
I did a test when adding a static route to the ISA and Remote Site servers for both IP-segments, and than it all works; but when the VPN connection gets disabled and reconnects, the IP-address that is used (based on DHCP) will be different, by which the static added routes do not work anymore.

I hope it is understandable what I'm asking?

Thanks already for your support,

Peter

.

---

• Follow-Ups:
  • Re: ISA 2006 site to site VPN with branch RAS Win2003 server
    • From: Phillip Windell

• Prev by Date: Re: VPN and Mobile Service Providers
• Next by Date: Re: VPN and Mobile Service Providers
• Previous by thread: VPN and Mobile Service Providers
• Next by thread: Re: ISA 2006 site to site VPN with branch RAS Win2003 server
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: gateway vpn how-to? ... After configuring the "Set up Local ISA VPN Server" wizard, ... After that, reboot the server. ... VPN client connections", finish the configuration afterwards. ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) RE: VPN Issues, Cannot ping network resources ... resources through VPN after applied SP1. ... You may then reboot the SBS server to see if the issue will be ... Additionally you can upgrade ISA 2000 to 2004 to fix the issue. ... (microsoft.public.windows.server.sbs) Re: VPN with SBS Premuim ... Windows 2003 SP2 networking issues, and then re-ran the CEICW again this time ... I understand that after installing ISA 2004 on the SBS ... server, VPN does not work. ... if you installed SP2 on the SBS server without ... (microsoft.public.windows.server.sbs) Re: ISA2004 kills VPN outbound ... Extract all files to a folder on ISA server. ... Expand the server node and highlight 'Monitoring'. ... After the VPN connection was established, ... |> Since the branch office workstations can connect to the VPN server, ... (microsoft.public.windows.server.sbs) RE: SBS PE - Unable to establish Outbound VPN ... connect to an external VPN server through SBS with ISA 2004 or VPN to SBS ... the firewall client application identifies the internal/external ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > ISA  > microsoft.public.isa.vpn  > 2008-11