RE: Site-to-Site VPN not working
- From: Erasmo <Erasmo@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 21 Jul 2006 15:14:02 -0700
UMMMM that is exactly right, just the way you described, so what in the heck
am I doing wrong? What did I miss? I being going over and over a thousnad
times the configuration and settings, my main office subnet is 192.168.1.x
and my branh is 192.169.3.x, I have defined those networks in the VPN
configuration network access, I have setup the network routes and i have the
rules, what else? Any way I could send you screenshots?
"Rob" wrote:
Just to be clear...there are two rules on each ISA server. Each rule allows.
all outbound traffic from the Branch to Internal (better is All Protected
Networks) and one the other way, Internal to Branch.
Generally, as long as I have the VPN connection defined properly (includes
all IP's in the remote subnet), route defined, and firewalls allowing
outbound both ways, I haven't had an issue with PPTP connections.
"Erasmo" wrote:
Both rules are allowing access from Branch to Internal and vice versa on both
ISA servers. Any other ideas?
"Rob" wrote:
Clarification...the rule should allow all between the "All protected
networks" and the remote interface.
"Erasmo" wrote:
The ISA server in my main office can ping the remote branch, if I go to a
command prompt on the ISA server in the main office I can ping remote branch
office, but once I try to do it from a Windows client inside the main office,
it does not go anywhere beyond the ISA internal interface.
"Erasmo" wrote:
Both username and password are the same at both ends, exactly the same, I can
see the tunnel up from my main office, but I cannot ping anything, when I do
a tracert I stop at the ISA server in my main office and from there does not
go anywhere, I do see the interface in the routing via ISA
"Rob" wrote:
Just to confirm a few things:
1. The username you set up is the same name as the VPN connection (e.g.
VPNU1 is the VPN connection and VPNU1 would be the username)?
2. You see the network interface in Routing and Remote Access. Have you
tried right-clicking on the interface in Routing and Remote Access and
choosing Connect?
If you attempt to do a tracert to 192.168.3.1 (assuming that is your
firewall) from the 192.168.1.1 machine, what comes back?
Rob
"Erasmo" wrote:
I have two locations, my Main office and a branch office, I have ISA Server
2004 at both ends as firewall edge servers, in the main office we configured
VPN clients to be able to VPN in and access the London network, this piece
works just fine... now we are trying to setup a Site to Site VPN between Main
Office and Branch, I followed the document from Microsoft:
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/sitetositevpn.mspx?pf=true
But after setting up and following the instructions on PPTP Walk through, we
can't seem to access the Branch site. Here is what I did:
- Setup Remote Branch and all components such as network, credntials and
authentication
- setup network rules as route
- setup an access rule in the firewallm policy to allow both ways
After all that, I cannot get to the network, I can see the VPN tunnel in the
Monitoring Sessions, but I cannot get to anything, what am I missing?
Main office is 192.168.1.x
Branch 192.168.3.x
Any help on getting this working will be appreciated.
- Follow-Ups:
- RE: Site-to-Site VPN not working
- From: Rob
- RE: Site-to-Site VPN not working
- References:
- RE: Site-to-Site VPN not working
- From: Rob
- RE: Site-to-Site VPN not working
- Prev by Date: RE: Site-to-Site VPN not working
- Next by Date: RE: Site-to-Site VPN not working
- Previous by thread: RE: Site-to-Site VPN not working
- Next by thread: RE: Site-to-Site VPN not working
- Index(es):
Relevant Pages
|
