Re: Route an external IP address via site to site vpn

Hello Ray,

Thank you for posting here.

According to your description, I understand that you want to route an
external IP address via the site-to-site VPN, and then out to Internet at
the remote site. If I have misunderstood the problem, please don't hesitate
to let me know.

First, I would like to know what make you to do this. Meanwhile, do you
setup the site-to-site VPN connection thru 2 ISA 2004 servers?

I assume your situation is that: Your local ISP block the traffic to an
external IP, but the remote ISP not. You want to make the traffic to this
IP go to the remote site first, then go to Internet. If this is want you
want to do, I suggest we try the following steps:

We only need to add a static IP route on local ISA server to let the ISA
know the traffic to this IP need go to remote ISA:

Run the following command on local ISA server:
Router add ExternalIP RemoteISAInternalIP

Note: The route will disappear after you restart the local ISA.

If we cannot resolve the issue after we perform the above steps, please
help me collect some information for further investigation:

1. Do you setup the site-to-site VPN connection thru 2 ISA 2004 servers?

2. Let me know the external IP address.

3. Run command "ipconfig /all > c:\ipconfig_sbs_local.txt" and "route print
c:\route_sbs_local.txt" on local ISA server 2004, send the files
c:\ipconfig_sbs_local.txt and c:\route_sbs_local.txt to me at
v-terliu@xxxxxxxxxxxxx

4. Run command "ipconfig /all > c:\ipconfig_sbs_remote.txt" and "route
print > c:\route_sbs_ remote.txt" on remote ISA server 2004, send the files
c:\ipconfig_sbs_ remote.txt and c:\route_sbs_ remote.txt to me at
v-terliu@xxxxxxxxxxxxx

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "Ray Collins" <Ray.Collins@xxxxxxxxxxxxxxxxx>
| References: <uVXiCH2jIHA.1164@xxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Route an external IP address via site to site vpn
| Date: Thu, 27 Mar 2008 03:56:14 +1100
| Lines: 16
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
| X-RFC2646: Format=Flowed; Response
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
| Message-ID: <OszXPJ2jIHA.484@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: 210-11-144-11.static.netspeed.com.au 210.11.144.11
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:99986
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Sorry, some more information SBS 2003 with ISA 2004 and 2 nics.
|
| "Ray Collins" <Ray.Collins@xxxxxxxxxxxxxxxxx> wrote in message
| news:uVXiCH2jIHA.1164@xxxxxxxxxxxxxxxxxxxxxxx
| > Hi,
| >
| > due to an ISP issue I need to temporarily route an external IP address
via
| > the site to site VPN and then out to the Internet. The site to site VPN
is
| > up and running, just not sure how to configure ISA to route one
external
| > IP address via the VPN.
| >
| > Can it be done? If so can I have the beginners guide please ?
| >
| >
|
|
|

.

Relevant Pages

  • Re: VPN & FTP Question
    ... that the remote client is XP Pro SP2. ... I'm guessing that it is somethint to do with retaining the "route add" ... > default gateway will be changed to the VPN connection once the VPN ... > simply turn off the Use default gateway on remote host in the TCP/IP ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN routing
    ... A remote site connected by a point-to-point T1. ... We can connect with a VPN directly to the firewall's external ... The main firewall does have a static route for 10.0.3.0/24 through ...
    (comp.dcom.vpn)
  • Re: SBS 2003 RRAS VPN - print to local network
    ... As a general VPN idea remote systems should _never_ be in the same subnet. ... It is routing on the RRAS ... RRAS is then told to static route traffic for 27.x ...
    (microsoft.public.windows.server.sbs)
  • Re: Routing through VPN (with RRAS) = remote network not reachable...
    ... The other site must have a route to your site through the VPN ... This is usually set up automatically when you connect (if the remote ... server is aware that you are making a router to router connection). ...
    (microsoft.public.isa.vpn)
  • Re: Routing through VPN (with RRAS) = remote network not reachable...
    ... The other site must have a route to your site through the VPN ... This is usually set up automatically when you connect (if the remote ... server is aware that you are making a router to router connection). ...
    (microsoft.public.windows.server.networking)