Joining Networks over the Internet with a Gateway to Gateway VPN

Joining Networks over the Internet with a Gateway to Gateway VPN

Post by Marcelo Go » Sun, 18 Jul 2004 11:05:56


Hello,

I followed the directions in many how-to articles (including the
http://www.yqcomputer.com/ ) and after
several attempts and tests I decided to post my doubt in this group in
search of tips.

My Configuration:

Site A: SBS2000, ISA sp2
Local: 192.168.51.2 / 255.255.255.0
Internet: 200.176.x.x

Site B: SBS2000, ISA sp2
Local: 192.168.48.2 / 255.255.255.0
Internet: 200.176.y.y

After followed the directions in
http://www.yqcomputer.com/

Site A can see all of the machines of the site B. The machines of the site A
can navigate in the Internet without problems.

Site B can see all of the machines of the site A, but the machines of the
site B CANNOT navigate in the Internet.

Ping and tracert to externals IPs (200.x.x.x) works.
Name Resolution (dns) from command line works fine.
Seemingly ISA stops serving the requests from site B when VPN is
established.

Does anybody have some suggestion of the one what I should verify?

Thank you,

Marcelo Goulart

ps: Seeking for a solution in the Internet, I found other user with a
similar problem:

http://www.yqcomputer.com/ ;f=13;t=002438
----------------------------------------------------------------------------
-------
I have 2 sites : 1 running SBS 2003 Server (with ISA 2000) and the other
running 2003 Server with ISA 2000. Each site has ISA configured and working
properly over a broadband connection to the 'External' network card.

I have followed the Chapter 4 tutorial: "ISA Server 2000 Gateways on each
site" configured to use a PPTP connection only and have come up against a
problem.

When the remote site connects to the main branch I have access to all the
network resources over the VPN which is great but the clients PC's and
server at the remote site lose internet access.

I can ping internet sites from the server using domain name and/or IP
address so I don't think it's a DNS problem. When I manually disconnect the
main_branch interface within RRAS full functionality is restored.

I'm 100% sure that this is a routing problem but is proving difficult for me
to resolve. Has anyone has a similar experience who can maybe point me in
the right direction ?

Thanks
----------------------------------------------------------------------------
-------
 
 
 

Joining Networks over the Internet with a Gateway to Gateway VPN

Post by Marcelo Go » Sun, 18 Jul 2004 11:13:36

Hello,

I followed the directions in many how-to articles (including the
http://www.yqcomputer.com/ ) and after
several attempts and tests I decided to post my doubt in this group in
search of tips.

My Configuration:

Site A: SBS2000, ISA sp2
Local: 192.168.51.2 / 255.255.255.0
Internet: 200.176.x.x

Site B: SBS2000, ISA sp2
Local: 192.168.48.2 / 255.255.255.0
Internet: 200.176.y.y

After followed the directions in
http://www.yqcomputer.com/

Site A can see all of the machines of the site B. The machines of the site A
can navigate in the Internet without problems.

Site B can see all of the machines of the site A, but the machines of the
site B CANNOT navigate in the Internet.

Ping and tracert to externals IPs (200.x.x.x) works.
Name Resolution (dns) from command line works fine.
Seemingly ISA stops serving the requests from site B when VPN is
established.

Does anybody have some suggestion of the one what I should verify?

Thank you,

Marcelo Goulart

ps: Seeking for a solution in the Internet, I found other user with a
similar problem:

http://www.yqcomputer.com/ ;f=13;t=002438
--------------------------------------------------------------------------
I have 2 sites : 1 running SBS 2003 Server (with ISA 2000) and the other
running 2003 Server with ISA 2000. Each site has ISA configured and working
properly over a broadband connection to the 'External' network card.

I have followed the Chapter 4 tutorial: "ISA Server 2000 Gateways on each
site" configured to use a PPTP connection only and have come up against a
problem.

When the remote site connects to the main branch I have access to all the
network resources over the VPN which is great but the clients PC's and
server at the remote site lose internet access.

I can ping internet sites from the server using domain name and/or IP
address so I don't think it's a DNS problem. When I manually disconnect the
main_branch interface within RRAS full functionality is restored.

I'm 100% sure that this is a routing problem but is proving difficult for me
to resolve. Has anyone has a similar experience who can maybe point me in
the right direction ?

Thanks
--------------------------------------------------------------------------

 
 
 

Joining Networks over the Internet with a Gateway to Gateway VPN

Post by Marcelo Go » Wed, 21 Jul 2004 09:16:33

I think that I found a solution:

http://www.yqcomputer.com/ %40TK2MSFTNGP11.phx.gbl&rnum=1&prev=/&frame=on

I will test tomorrow in the morning. Now, I lost the TS connection during my
last tests and doesn't have anybody in the office for reset the server...
:-(

Thanks to Les Connor [SBS MVP], Damian N. Leibaschoff and Luis Carvalho.

Marcelo Goulart



"Marcelo Goulart" < XXXX@XXXXX.COM > escreveu na mensagem

A
working
the
me
 
 
 

Joining Networks over the Internet with a Gateway to Gateway VPN

Post by Thomas W S » Tue, 27 Jul 2004 11:18:47

i Marcelo,

That doc definintely does NOT support an SBS config.

HTH,
--
Thomas W Shinder
www.isaserver.org/shinder
ISA Firewalls - MVP


"Marcelo Goulart" < XXXX@XXXXX.COM > wrote in message
news:e% XXXX@XXXXX.COM ...
http://groups.google.com.br/groups?hl=pt-BR&lr=&ie=UTF-8&threadm=OhAkfIqlDHA.3688%40TK2MSFTNGP11.phx.gbl&rnum=1&prev=/&frame=on
my
OK.
site
the
other
each
a
the
for
in


 
 
 

Joining Networks over the Internet with a Gateway to Gateway VPN

Post by Marcelo Go » Tue, 27 Jul 2004 23:14:15

i Thomas,

I just need to interconnect the segments 192.168.48.0 and 192.168.51.0. I
don't need trust relationship and any other "advanced" resource. Seemingly
with ISA Gateway it is everything working OK. The only problem is that IP of
one of the servers 192.168.51.2 always change to 192.168.48.x when the vpn
is established.

I made some alterations in DNS and I followed the steps described in KB
292822. In a first moment it didn't work. After some boots and more some
alterations in DNS, it seems that now (2 or 3 days) it is ok. I will
continue monitoring.

Any tip or suggestion is welcome.

Thank you,

Marcelo

"Thomas W Shinder [MVP]" < XXXX@XXXXX.COM > escreveu na mensagem
news:% XXXX@XXXXX.COM ...
http://groups.google.com.br/groups?hl=pt-BR&lr=&ie=UTF-8&threadm=OhAkfIqlDHA.3688%40TK2MSFTNGP11.phx.gbl&rnum=1&prev=/&frame=on
during
server...
against
disconnect