VPN IP Sec isa 2006 --> Chekpoint Safe@office

Hi!

We have 2 offices that will share servers.

The sales office have a Checkpoint Safe@office and the server-center has a Isa server 2006 running on 2003 server R2

The vpn tunnel is up and i can ping all local addresses on the sales office from the Isa server gateway (console).

But when i try to ping from the other computers on the network it would not work!

What am i missing? it looks like there is no route or something?

jokergrafiskAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Keith AlabasterConnect With a Mentor Enterprise ArchitectCommented:
:) Good move.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Please describe the private IP addressing schemes at both ends.

What rules have you put in oplace to allow vpn to internal on the ISA server?

Can't help you with the Checkpoint end as I only use ISA/Cisco etc but lets make sure this end is OK first.
0
 
jokergrafiskAuthor Commented:
Hi!

Servercenter

139.96.57.0/24
GW 139.96.57.1

Salesoffice:

192.9.110.0/24
GW192.9.110.2

rules on isa server:

Alow all outbound trafic to the VPN net. and vice verca.

I added a route on the isa server. Route add 192.9.110.0 MASK 255.255.255.0 GW192.9.110.2  now its working from the server center, but only one way.

i can now ping all host on 192.9.110.0. from 139.96.57.0 bot not the other way.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Both those subnets are on public addresses - do you actually use public ip addressing for the internal networks?
The rule I would expect to see would be allow All protocols FROM internal & vpn net TO internal & vpn net 9 youi can limit it afterwards to just what you want to pass).

Have you got the converse static route on at the Checkpoint end?

open the ISA gui
Select monitoring - logging - click start query
Try the connection from the CP end - what do you see in the log?

0
 
jokergrafiskAuthor Commented:
Hi!

Yes, we have some strange subnets ;)

I think the problem is the Safe@office.

it has to be something with routing.

Anyway, i give up.

Installing ISA server in the other location now.


0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.