Re: Help in Site VPN?
- From: "Al-Taee" <MohammedSSZ@xxxxxxxxx>
- Date: 24 Feb 2006 00:29:06 -0800
Many thanks Virgil for your reply.
Please complete the drawing of my picture by answering these questions:
* You need to configure both demand-dial interfaces but you only need
to initiate "dialing" from one of them - if that succeeds then the link
is active and that's it. I still configure the "dialing" from both
sides for redundancy, it doesn't matter as long as one of them
succeeds.
I want to know from where I initiate the dialing. Is it from the RRS
console, then right-click Connect, or by dialing the shortcut for the dialup
connection (created by the Network Connection Wizard)?
Regarding the automatic dialing configuration at the ISA, I can't find
the remote network name in the list so I can select it; there are only
two networks to select (External & Internal), so how can I add it to make
automatic reply dialing from any side?
* What do you mean by "dialup connection"? Are you rather talking about
"demand-dial" interfaces? If yes then I already responded - for a
site-to-site VPN you need to configure one demand-dial interface on
each side, and that's it. You don't need to configure VPN at all on the
client computers - that's the essence of site-to-site VPN, the two ISA
servers handle that.
That's what I don't understand! I mean by "dialup connection" that I
create a connection at each site for the name & password for the remote
site demand-dial name (this connection is the same connection we
created for roaming VPN clients when you dial the screen that contains
the User Name & Password & Domain including the remote public IP), so do
I need this connection or not?
When you said you don't need to configure VPN on all client computers,
does that mean I have to make the dialing only from the ISA computer?
What if I don't want someone to access ISA and I want to make it from one of
the clients behind ISA?
* You will still need however to define the proper network
relationships (if you're using ISA2004) and potentially, depending on
how complex each site is, (static) routes on each ISA for the
subnet(s) on the opposite side. (You need to tell each ISA whether a
certain destination should be reached via the demand-dial link or by
going to the Internet).
I did this, I think, by making a route relationship at both ISA2k4 and
according to the MS article, so no need for a static route.
* Oh, and one more thing. You should NOT use the same IP subnet(s) for
your LAN's at central and remote sites, if you want to have the
slightest chance to a true VPN using ISA. In other words, if both
central and remote sites are using for example 192.168.1.xxx with a
mask of 255.255.255.0, then you need to start by re-addressing one of
them.
One as 10.128.1.x /24 and the other as 10.127.1.x / 24 and so on.
* This does not look to me like an "access denied" event. Your packets
don't seem to travel properly; they don't reach destination so you
probably don't have the right config in place to start with. I cannot
help you within this forum more than I already did. The information is
there, you just need to wrap your head around it.
The point here is I can't establish the connection, then I can't even ping
the remote ISA server or the remote ISP router even though I have an allow-all
rule. I can ping the ISP router from another ISP but not from the one
in the S2S!
Thanks for your help, and I will wait for your answer, so maybe I will
delete all the rules and relationships and start again.
Al,