Re: Http access across a site 2 site VPN
- From: Fred Berestoff <FredBerestoff@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 2 May 2007 12:42:01 -0700
Thanks, when I log the traffic, I get "failed connection attempt" for the
access rule that represents access to the vpn between the sites. Any
suggestions on where I might go from here?
--
Fred Berestoff
"Fred Berestoff" wrote:
Hi Thanks for the response..
during the site to site wizard isa asks if you want to create the
corresponding network rules and access rules, and I went ahead and created
them as part of the wizard. Specifically I allowed for all outbound traffic
from internal and the vpn link network object (kodiak to anchorage) to
internal and the vpn link network object (kodiak to anchorage for all users
for any time. there is also a network route rule that was created routing
traffic from internal to the vpn.
Question: at one time I had this set up in a side by side design, where the
isa was only for internet access, as a result I had defined the internal
domain and address for ALL internal networks in the internal address and
domains tab. (where you tell isa to bypass those addresses and domains). I
have since removed this information and modified to reflect the current
setup, but could there somehow be some sort of legacy rule set up somewhere?
It would explain why I can pass icmp and other traffic across the vpn but not
http or https.
thanks again,
--
Fred Berestoff
"Phillip Windell" wrote:
What did you do for Access Rules?
no rules = no access
The Remote Network is not part of Internal. It is part of the Network Object
you created when you configured for the VPN. The Access Rules are for between
Internal and the Remote Network Object.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------
"Fred Berestoff" <FredBerestoff@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D5D89330-9D89-4121-9229-91DF99BA96EC@xxxxxxxxxxxxxxxx
I have a Site to site VPN between an isa server enterprise 2006 server and a
cisco pix. This VPN used to be a pix to pix vpn but I have been able to
substitute an isa server on one end of the link. Ever since I did this, I
cannot access any "internal" websites that are on the other side of the vpn.
I can see the traffic in the logs, and it shows the http traffic as getting
routed into the correct vpn link, but it just times out with a 504 proxy
timeout error. I can Remote Desktop to computers on the other side of the
VPN, and pass other traffic like icmp traffic: (other than the websites http
and https all other traffic seems to pass normally) any help with this would
be appreciated,
thanks,
--
Fred Berestoff
- Follow-Ups:
- Re: Http access across a site 2 site VPN
- From: Fred Berestoff
- Re: Http access across a site 2 site VPN
- From: Phillip Windell
- Re: Http access across a site 2 site VPN
- References:
- Http access across a site 2 site VPN
- From: Fred Berestoff
- Re: Http access across a site 2 site VPN
- From: Phillip Windell
- Re: Http access across a site 2 site VPN
- From: Fred Berestoff
- Http access across a site 2 site VPN
- Prev by Date: Re: Hitting specific port on internal IP from outside our network
- Next by Date: Re: ISA 2006 install OWA publishing rule
- Previous by thread: Re: Http access across a site 2 site VPN
- Next by thread: Re: Http access across a site 2 site VPN
- Index(es):
Relevant Pages
|
