Re: Http access across a site 2 site VPN



I have no idea.
If no one else here knows, then you can ask in the forums on www.isaserver.com
or you can open a support case with MS Support Services.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------

"Fred Berestoff" <FredBerestoff@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C62243DC-B7E6-435E-9F44-A3CA0139361E@xxxxxxxxxxxxxxxx
Thanks, when I log the traffic, I get "failed connection attempt" for the
access rule that represents access to the vpn between the sites. Any
suggestions on where I might go from here?
--
Fred Berestoff


"Fred Berestoff" wrote:

Hi, thanks for the response.

During the site to site wizard ISA asks if you want to create the
corresponding network rules and access rules, and I went ahead and created
them as part of the wizard. Specifically I allowed for all outbound traffic
from internal and the vpn link network object (kodiak to anchorage) to
internal and the vpn link network object (kodiak to anchorage) for all users
for any time. There is also a network route rule that was created routing
traffic from internal to the vpn.

Question: at one time I had this set up in a side by side design, where the
isa was only for internet access, as a result I had defined the internal
domain and address for ALL internal networks in the internal address and
domains tab. (where you tell isa to bypass those addresses and domains). I
have since removed this information and modified to reflect the current
setup, but could there somehow be some sort of legacy rule set up somewhere?
It would explain why I can pass icmp and other traffic across the vpn but not
http or https.

thanks again,

--
Fred Berestoff


"Phillip Windell" wrote:

What did you do for Access Rules?
no rules = no access
The Remote Network is not part of Internal. It is part of the Network Object
you created when you configured for the VPN. The Access Rules are for between
Internal and the Remote Network Object.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------

"Fred Berestoff" <FredBerestoff@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D5D89330-9D89-4121-9229-91DF99BA96EC@xxxxxxxxxxxxxxxx
I have a Site to site VPN between an isa server enterprise 2006 server and a
cisco pix. This VPN used to be a pix to pix vpn but I have been able to
substitute an isa server on one end of the link. Ever since I did this, I
cannot access any "internal" websites that are on the other side of the vpn.
I can see the traffic in the logs, and it shows the http traffic as getting
routed into the correct vpn link, but it just times out with a 504 proxy
timeout error. I can Remote Desktop to computers on the other side of the
VPN, and pass other traffic like icmp traffic: (other than the websites http
and https all other traffic seems to pass normally) any help with this would
be appreciated,

thanks,
--
Fred Berestoff




