Re: ISA/VPN Clients get other subnet?

You are putting your LAN at risk by whatever the user's machine is connected
to at the same time they are connected to you. You need to *want* them to
use "Use gateway on remote network" so all traffic to/from their machine can
be *controlled*.

In direct response to your question,...there is no help,..it can't be
done,..VPN is designed to be the way it is,...it is an industry standard not
a Microsoft standard. The user will not be able to access any subnet on the
LAN they "VPNed" into other than the subnet they directly connected to. In
many deployments the company even puts their VPN Server in its own little
subnet so that if a user disabled "use gateway on remote network" they
cannot access any resources on the LAN at all apart from the VPN Server
itself.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------

"RemonB" <RemonB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:58C1C3D4-8302-4666-B1CB-D860A98BCE3D@xxxxxxxxxxxxxxxx
Hello,

We wan't our users to NOT use 'Use default gateway on remote network' when
connecting to our corporate LAN, so that internet traffic will not go
through
ISA.

We got one problem, previous we used : 192.168.1.0/24
We changed that to 192.168.0.0/22 (192.168.0.1-192.168.3.254)

But when ISA/VPN clients connect they get 192.168.2.x ip (that's correct)
and get a route: 192.168.2.0/24 (That's wrong!)
This way they can't connect to the servers on 192.168.1.x ???

DHCP server is giving /22 , I use DHCP for VPN clients...

Any help would be great!

Thanks,

RemonB


.

Relevant Pages

  • Terminal Serices Clients Disconnect on Minimize
    ... I have a Windows 2000 Advanced Server with Terminal Server running in ... We have 7 users on our LAN connected to the server ... We also have 43 remote users connecting through ... but it still disconnects. ...
    (microsoft.public.win2000.termserv.clients)
  • Re: HELP ME VPN SERVER SETUP ON WIN2K SERVER
    ... How can I browse the LAN im connecting to as if I was on a wired LAN client ... Leave the hardware router as the gateway of the LAN, ... Make the server the gateway of your LAN. ...
    (microsoft.public.win2000.ras_routing)
  • Cannot Access External Mail (SMTP / POP3) ISA 2000
    ... We are running a Windows 2000 Server that has ISA ... Exchange 2000 installed.This machine has two NIC interfaces; ... connecting to the LAN, the other connecting into a CISCO 1605 Router - ... the LAN, one with a PUBLIC IP address)? ...
    (microsoft.public.isa)
  • Cannot Access External Mail (SMTP / POP3) ISA 2000
    ... We are running a Windows 2000 Server that has ISA ... Exchange 2000 installed.This machine has two NIC interfaces; ... connecting to the LAN, the other connecting into a CISCO 1605 Router - ... the LAN, one with a PUBLIC IP address)? ...
    (microsoft.public.isa)
  • Remote Desktop to ISA Server 2006
    ... I have a Server 2003 Standard Edition server with ISA Server 2006. ... The network is a small LAN, all on the same IP, range ... created an access rule to allow full access from LAN to ...
    (microsoft.public.isa)