Re: Unusual VPN setup, ISA/Cyberguard



On Oct 4, 6:58 am, "DT" <darren_t...@xxxxxxxxxxx> wrote:
Hi,

I've just been asked to consult to a company who have had a VPN set up by
some internal staff who cannot get it up and running. I've had a quick look
but can't see a way to get it running in the config they currently have.
However, due to some custom application and security requirements, they want
me to try and find a workaround.

The setup is as such (displayed as best I can think in a text email!!)

Internal subnets:
Office 1 192.168.0.0/24
Office 2 10.0.0.0/24

VPN Subnets:
Office 1 192.168.100.0/24
Office 2 10.0.10.0/24

Office 1

192.168.0.1<SBS2003/ISA2000>192.168.100.2

192.168.100.1<Cyberguard SG560>public IP

Office 2

Public IP<Cyberguard SG560>10.0.10.2

10.0.10.1<SBS2000/ISA2000>10.0.0.2

IPSEC VPN successfully set up between the two SG560s and each office can
ping the "external" interface on the SBS/ISA servers. But a trace from, say, a
PC in office 1 to a PC in office 2 stops at the internal interface on the
SG560.

Some common ports, e.g. 25, 110, 3389, 80, 443 etc., are forwarded by the SG560s
to the SBS/ISA servers and are working OK.

BUT the goal is actually to map drives between the two SBS servers for the
purpose of replicating common data. They also need a couple of PCs in both
offices to be able to use RDP to control PCs in the other office.

So, any ideas before I tell them to choose between ISA or SG560's?

Thanks in advance

Darren

Hi Darren

I think this is a routing issue! I may be wrong, but would guess that
there is a switch in the way that is dropping the traffic. If it is a
layer 3 switch you should be able to add the route to the switch
itself.

Also, have you tried going to CMD and typing ROUTE PRINT? This should
show you if a valid route is available between the two subnets. You
can use the ROUTE ADD command to add a route; use the /p switch once it
works to write the route permanently.

On a separate issue, if you have ISA/SBS, have you tried using the
'remote web workplace' option? I have used this quite a bit when 2 of
the companies I work with split their office and a couple of people
needed access to a live accounts system, so we bought 2 cheap PCs and
chucked them under a desk for them to access using RWW. Loads easier
to work with, as ISA does all the hard work for you and you don't have
to struggle with VPN/route configs.

Dom
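
The route check suggested above, modelled hop by hop with the subnets from the original post. This is an added example, not part of either post: the routing tables, the device names (pc1, isa1, sg560-1, ...) and the host 10.0.0.50 are constructed assumptions, and ISA firewall/NAT policy is not modelled.

```python
import ipaddress

def build_tables(with_internal_routes):
    # Constructed tables (assumed, not read from the real devices).
    # Value: next-hop device, "deliver" (directly connected) or "internet".
    t = {
        "pc1": {"0.0.0.0/0": "isa1"},
        "pc2": {"0.0.0.0/0": "isa2"},
        "isa1": {"192.168.0.0/24": "deliver", "0.0.0.0/0": "sg560-1"},
        "isa2": {"10.0.0.0/24": "deliver", "0.0.0.0/0": "sg560-2"},
        # Assumption: the tunnel only joins the two "VPN" subnets.
        "sg560-1": {"192.168.100.0/24": "deliver", "10.0.10.0/24": "sg560-2",
                    "0.0.0.0/0": "internet"},
        "sg560-2": {"10.0.10.0/24": "deliver", "192.168.100.0/24": "sg560-1",
                    "0.0.0.0/0": "internet"},
    }
    if with_internal_routes:
        # Assumed fix: both gateways learn both internal subnets, so the
        # forward and the return path exist.
        t["sg560-1"].update({"10.0.0.0/24": "sg560-2", "192.168.0.0/24": "isa1"})
        t["sg560-2"].update({"192.168.0.0/24": "sg560-1", "10.0.0.0/24": "isa2"})
    return t

def lookup(table, dst):
    # Longest-prefix match, the same rule ROUTE PRINT output is read with.
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in table]
    hits = [n for n in nets if addr in n]
    return table[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

def trace(tables, start, dst, max_hops=8):
    # Returns (devices traversed, True if dst is on a connected subnet).
    path, node = [start], start
    for _ in range(max_hops):
        nxt = lookup(tables[node], dst)
        if nxt == "deliver":
            return path, True
        if nxt is None or nxt == "internet":
            return path, False  # private address leaves the private path here
        path.append(nxt)
        node = nxt
    return path, False

if __name__ == "__main__":
    for fixed in (False, True):
        tables = build_tables(fixed)
        print("internal routes added:", fixed)
        print("  pc1 -> 10.0.0.50  ", trace(tables, "pc1", "10.0.0.50"))
        print("  pc2 -> 192.168.0.50", trace(tables, "pc2", "192.168.0.50"))
```

In the first pass the trace ends at sg560-1, matching the symptom in the post; the second pass shows that a route is needed in each direction before traffic between the internal subnets can complete.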

