Joining Networks over the Internet with a Gateway to Gateway VPN - Loose Internet Browsing

From: Tony Su (anonymous_at_discussions.microsoft.com)
Date: 07/19/04


Date: Mon, 19 Jul 2004 08:39:50 -0700

Most likely...

Depends on how the gateways are configured, and whether
you have configured Anonymous Internet support for the
remote VPN clients.

In particular, my guess is that although Site B is
properly configured to use the Remote Gateway to the
Internet (No split tunnel)...

- The clients may not be configured to point to the Remote
Gateway properly (all you know is that they can't use the
Local Gateway at this point). Hard to tell, since you don't
describe what "Externals" is supposed to mean, public
addresses on the perimeter of either network or a remote
destination not in either network.
- The remote ISA may not be configured to support both
networks in the LAT. Same comment about "Externals" as
above.
- You may not have created Site & Content and Protocol
rules using Client Sets. Remember, most of the VPN
tutorials on isaserver.org assume that it's possible to
make the remote network a member of the Local Domain but
with SBS each network must be its own Domain with no
support for inter-Domain Trusts.

>-----Original Message-----
>Hello,
>
>I followed the directions in many how-to articles (including the
>http://www.isaserver.org/tutorials/hubandspokevpn.html and ) and after
>several attempts and tests I decided to post my doubt in this group in
>search of tips.
>
>My Configuration:
>
>Site A: SBS2000, ISA sp2
>Local: 192.168.51.2 / 255.255.255.0
>Internet: 200.176.x.x
>
>Site B: SBS2000, ISA sp2
>Local: 192.168.48.2 / 255.255.255.0
>Internet: 200.176.y.y
>
>After followed the directions in
>http://www.isaserver.org/tutorials/hubandspokevpn.html all looks like OK.
>
>Site A can see all of the machines of the site B. The machines of the site A
>can navigate in the Internet without problems.
>
>Site B can see all of the machines of the site A, but the machines of the
>site B CANNOT navigate in the Internet.
>
>Ping and tracert to externals IPs (200.x.x.x) works.
>Name Resolution (dns) from command line works fine.
>Seemingly ISA stops serving the requests from site B when VPN is
>established.
>
>Does anybody have some suggestion of the one what I should verify?
>
>Thank you,
>
>Marcelo Goulart
>
>ps: Seeking for a solution in the Internet, I found other user with a
>similar problem:
>
>http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=13;t=002438
>-------------------------------------------------------------------------
> I have 2 sites : 1 running SBS 2003 Server (with ISA 2000) and the other
>running 2003 Server with ISA 2000. Each site has ISA configured and working
>properly over a broadband connection to the 'External' network card.
>
>I have followed the Chapter 4 tutorial: "ISA Server 2000 Gateways on each
>site" configured to use a PPTP connection only and have come up against a
>problem.
>
>When the remote site connects to the main branch I have access to all the
>network resources over the VPN which is great but the clients PC's and
>server at the remote site lose internet access.
>
>I can ping internet sites from the server using domain name and/or IP
>address so I don't think it's a DNS problem. When I manually disconnect the
>main_branch interface within RRAS full functionality is restored.
>
>I'm 100% sure that this is a routing problem but is proving difficult for me
>to resolve. Has anyone has a similar experience who can maybe point me in
>the right direction ?
>
>Thanks
>--------------------------------------------------------------------------


