ISA 2004 Standard Site to Site VPNS

03-14-2006, 02:13 PM

Here's the Net setup

Main Site
Windows Server 2003 SP1 running ISA 2004 Std SP2
Also acting as router between 192.168.1.0 & 192.168.30.0/24
External IP (XX.XX.XX.XX)
Internal Subnets (192.168.1.0/24; 192.168.30.0/24)

Remote Site 1
Linksys BEFVP41
External IP (YY.YY.YY.YY)
Internal Subnet (10.0.0.0/24)

Remote Site 2
Linksys WRV54G
External IP (ZZ.ZZ.ZZ.ZZ)
Internal Subnet (192.168.15.0/24)

My problem is I can only get Site 1 & 2 to talk to each other if I
create a tunnel between them. And neither site can talk to
192.168.30.0/24, even though that is part of the 'internal' network on
the main site. I have tried specifing "Any" as the remote secure
group, but then only the ISA 2004 server can ping the remote branches.
The remote branches can't ping 1.0 or 30.0 with the any setting.

I want to create a tunnel from each branch site to the main site, and
have ISA 2004 do all the routing. How do I accomplish this?

03-14-2006, 03:58 PM

I temporarily disabled vpn to branch 2 (192.168.15/24) and set the
tunnel between ISA and branch 1 to 192.168.0.0/24. I then could get to
192.168.30.0/24, but not 1.0/24. So back to square one.

03-14-2006, 05:03 PM

Ask in the ISA groups (microsoft.public.isa),...or ask in the forums on
www.isaserver.org

I spend most of my time in the ISA groups, but I am not sure enough about
your particular situation to comment myself. However you might find
something in the "Guidance" link in my signature if you diggaround in there.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> I temporarily disabled vpn to branch 2 (192.168.15/24) and set the
> tunnel between ISA and branch 1 to 192.168.0.0/24. I then could get to
> 192.168.30.0/24, but not 1.0/24. So back to square one.
>

03-14-2006, 05:23 PM

Since you are running a different type of device at every site, you may need
to consider one of these articles. Remmeber that everybody designs their
devices as if you are using only their devices at every site. Most VPN
Solutions are proprietary to a certain degree.

Configuring IPSec Site-to-Site Connections Between ISA Server 2004 and
Third-Party Gateways
http://www.microsoft.com/technet/pro...siteipsec.mspx

Establishing an IPSec site-to-site tunnel between an ISA 2004 Firewall and a
D-Link DI-804HV IPSec VPN Router
http://www.isaserver.org/articles/2004isadlink.html

Configuring IPSec Tunnel Mode VPN Between ISA Server 2004 and Astaro
Security Linux
http://www.microsoft.com/technet/pro...elmodevpn.mspx

Configuring IPSec Tunnel Mode VPN Between ISA Server 2004 and SmoothWall
Express 2.0
http://www.microsoft.com/technet/pro...pnexpress.mspx

Configuring IPSec Tunnel Mode VPN Between ISA Server 2004 and Netopia R9100
4.11.3
http://www.microsoft.com/technet/pro...n/netopia.mspx

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
SITE-To-SITE VPN using Windows Server 2003 Standard	S H A R I Q U E	Windows Networking	8	01-03-2009 04:25 PM
Site-to-Site VPN client routing question - clients at branch office not able to access network at HQ	Hii Sing Chung	Windows Networking	13	10-19-2007 10:47 AM
PPTP users cannot access branch office (even though site to site works)	Monster	Windows Networking	1	08-11-2006 04:20 AM
VPN Site-to-site stops working after applying SP1 - HotFix 8976651 didn't work!	\|mouse\|	Windows Networking	3	09-22-2005 09:19 PM
another vpn wins site to site to site problem*	Christopher S. Daane	Windows Networking	5	04-21-2004 07:25 AM