Re: Site to Site Routing

The ISA servers are likely not allowing you to ping them.
The VPN tunnel tunnel is on the outside of the ISA firewalls.
You need to allow appropiate traffic and routes through ISA.

I am trying to find you another website and article unless someone else
has one handy

vin wrote:

Sorry but it doesn make any sense, router has built in firewall, the idea is
only traffice from the amin server is router to the branch server,

Even after the VPN tunnel is initiated between the to sites, i still cannot
ping the local computers on either side onlt ping the routers them selves

"Michael Jenkin [SBS-MVP]" wrote:

Hello,

I am still reading this particular email and some of it is not
applicable to you but the idea is the same

http://www.isaserver.org/tutorials/Creating-Parallel-ISA-Firewall-Configuration-Netscreen-DMZ.html

You really need to allow file/print and DNS through the ISA firewalls.
Sort of defeats he purpose of ISA.

I would trust your VPN routers have good solid firewalls ?

vin wrote:

Hi,

Please can anyone help,
i am setting up a remote office - main branch as SBS2003 premium with IS2000

Remote office as Server 2003 R2 with Isa2004

both sites have draytek 2600 routers, i have a VPN link between the two
routers, i can ping routers from the opp side, but cannot ping the internal
netwrok

Site - main
ruoter IP 192.168.1.1
Server ext card - 192.168.1.2
server interneal net - 10.1.1.2

Site remote -
router IP 192.168.2.1
server Ext card - 192.168.2.2
server In card - 10.1.2.2

do i have to allow any rules in ISA or rooutes in RRAS??
Please help

--
Michael J. Jenkin MVP - SBS, MCP, Small Business Specialist, Senior
Systems Engineer
Visit http://www.mickyj.com


--
Michael J. Jenkin MVP - SBS, MCP, Small Business Specialist, Senior
Systems Engineer
Visit http://www.mickyj.com
.

Relevant Pages

  • Re: HTTP trouble in 2004
    ... > understand is why can't I ping the public address of the DC. ... >> separating the DC role from the ISA Server role. ... >>>I appear to be an ISA dummy and have a small problem. ... My nics are setup with teh DC being the DNS server and my IE ...
    (microsoft.public.isaserver)
  • RE: VPN Connects, but no Internal IP or network resources.
    ... versions of ISA yet seem to be having the same trouble. ... I just noticed in this post though, that you can't even ping the other ... an access issue rather than connectivity. ... My ISA server is going to be down until I rebuild it, so I can't even do any ...
    (microsoft.public.isa.vpn)
  • Re: Valid scenario for ISA 2004 Site to Site Deployment?
    ... Right - I understand your point regarding ping. ... rule setup so the corpnet can talk to the hosted server w/o any problems. ... So - back to the original question, would this be a valid scenario for ISA ...
    (microsoft.public.isa.configuration)
  • Re: Unable to PING a single host from ISA 2006 Server
    ... ping works. ... Q1 - have you done due diligence regarding the NIC drivers on the ISA? ... I would agree if my captures showed traffic leaving my ISA server and ... When I PING other host on same VLAN as ISA and F5, ...
    (microsoft.public.isa)
  • Re: Unable to PING a single host from ISA 2006 Server
    ... request and Ping reply come in and out of the internal interface that is on ... Q1 - have you done due diligence regarding the NIC drivers on the ISA? ... I would agree if my captures showed traffic leaving my ISA server and ... When I PING other host on same VLAN as ISA and F5, ...
    (microsoft.public.isa)