Re: ISA2000 blocks the VPN?
- From: Bubby_Corner <bubby_corner@xxxxxxxxxxx>
- Date: Sun, 18 Sep 2005 16:55:01 -0700
Exactly! I am using the 10.0.0.x subnet in both side. After I changed my
remote side to 10.0.1.x, everything worked like a charm!
Thank you very much for your help.
"Edward Tian" wrote:
> Dear Bubby:
>
> Thank you for posting here.
>
>
>
> From the description, I understand your VPN connection can be successfully
> established, but you cannot access the shared folder on the remote
> computers. If I have misunderstood your concern, please feel free to let me
> know.
>
>
>
> First, please double check if both the local computer and the remote
> computer are using the same network schema (For example, 192.168.1.x). If
> so, this will cause confliction. Technically speaking, the system uses route
> table to route IP traffics. By default, the local subnet does not need
> route. The system will use broadcast to find local clients or send traffic
> directly to the local address. If the remote client has the IP address which
> is in the range of your local subnet. Once the VPN client tries to access
> the resource in the destination network (where the VPN server resides), it
> will not find the way out since its route table treat the request as a local
> network request. That¡¯s why there is no response from the server.
>
>
>
> To resolve this kind of issue, we need to use different subnet addressing in
> the VPN client and VPN server sites. For example, assign 192.168.1.x to the
> VPN client side and 192.168.0.x to the SBS Server side. That is the
> recommended configuration to establish a VPN connection. In this way, the
> traffic will be sent to the right destination.
>
>
>
> If this is not the case, please help to gather the following information:
>
> 1. Please re-run the CEICW Wizard in order to make sure the network
> connection is properly configured.
>
>
>
> 825763 How to configure Internet access in Windows Small Business Server
> 2003
>
> http://support.microsoft.com/?id=825763
>
>
>
> 2. After the VPN connection established, please type ipconfig/all on the
> client side and post the output to me in the reply for analysis.
>
>
>
> 3. After the VPN connection established, can you ping the ip/computername of
> the workstations or the ISA Server?
>
>
>
> 4. Does this problem occur on all the remote clients?
>
>
>
> 5. If you place a laptop directly connect to the external NIC of the ISA2000
> server, and then establish the VPN connection, can you access the shares?
>
>
>
> 6. Help to gather the ISA Logs:
>
>
>
> 1) Open ISA Management, and then point to Monitoring Configuration | Logs
>
>
>
> 2) Double click ISA Server Firewall Service in the right pane, click to
> select Enable Logging for this service, click Fields tab, click Select All,
> and then click OK.
>
>
>
> 3) Please repeat Step 2) to enable logging IP Packet Filter and Web Proxy
> Services.
>
>
>
> 4) Run command "net stop isactrl" (without the quotation marks) to stop all
> ISA Services.
>
>
>
> 5) Backup all files in the folder C:\Program Files\Microsoft ISA
> Server\ISALogs, and then delete them.
>
>
>
> 6) In ISA Management | <server name> | Monitoring | Services, start all ISA
> services.
>
>
>
> 7) Reproduce the issue.
>
>
>
> 8) Wait for about 3 minutes, and then send me that day's firewall, web proxy
> and IP Packet filter log in C:\Program Files\Microsoft ISA Server\ISALogs.
> You can compress logs into .zip file. If compressed file size is larger than
> 5 M, please let me know so that I can create a site for you to upload the
> file:
>
>
>
> Firewall log: FWSEXTDyyyymmdd.log
>
> Web Proxy log: WEBEXTDyyyymmdd.log
>
> IP Packet Filter log: IPPEXTDyyyymmdd.log
>
>
>
> Please also let me know the IP address of the client/server.
>
>
>
> To collect ISA logs, refer to:
>
>
>
> 302372 HOW TO: Configure Logging in Internet Security and Acceleration
>
> Server
>
> http://support.microsoft.com/?id=302372
>
>
>
> 7. Help to gather the ISAinfo:
>
>
>
> You can download this utility from:
>
> http://www.isatools.org/isainfo.vbe
>
> Run it on the ISA server. Then attach the ISAINFO report to me at your
> convenience.
>
>
>
> You can send ISAinfo and ISA logs directly to my mailbox:
>
> v-edtian@xxxxxxxxxxxxx
>
>
>
> Hope the above information helps. Please feel free to let me know if you
> have any questions or concerns.
>
>
>
> Have a nice weekend! :)
>
>
>
> Best Regards
> Edward Tian(MSFT)
> Microsoft CSS Online Newsgroup Support
>
>
> "Bubby_Corner" <bubby_corner@xxxxxxxxxxx> wrote in message
> news:C82F2E7D-3E91-43F5-8D58-C411EE2FDA9F@xxxxxxxxxxxxxxxx
> > My customer has a SBS2003/ISA2000. I have set up a VPN on a SBS 2003
> > machine,
> > i am using Windows XP SP2 clients to connect to the VPN.
> > When a user logs on they authenticate fine however they can only gain
> > access
> > to limited resources, i have tried browsing the Network, however not the
> > server or other PC's can be found. If i use the command \\computername, i
> > cannot access the shared folder. Permissions are set to allow access to
> > all
> > the other shares. Is ISA blocking the VPN connection?
> > TIA.
> > ---
> > Bubby Corner
>
>
>
.
- Prev by Date: Re: Beginner's Q: How to set up smtp?
- Next by Date: Re: OT:--CISCO EXPERTS...
- Previous by thread: Beginner's Q: How to set up smtp?
- Next by thread: Re: ISA 2004-blocking streaming
- Index(es):
Relevant Pages
|
