
VPN IPsec ISA 2006 --> Checkpoint Safe@office

Posted on 2007-11-27
Last Modified: 2010-07-27
Hi!

We have 2 offices that will share servers.

The sales office has a Checkpoint Safe@office and the server center has an ISA Server 2006 running on 2003 Server R2.

The VPN tunnel is up and I can ping all local addresses in the sales office from the ISA server gateway (console).

But when I try to ping from the other computers on the network, it does not work!

What am I missing? It looks like there is no route or something?

Question by:jokergrafisk
5 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20358668
Please describe the private IP addressing schemes at both ends.

What rules have you put in place to allow VPN to internal on the ISA server?

Can't help you with the Checkpoint end as I only use ISA/Cisco etc., but let's make sure this end is OK first.
0
 

Author Comment

by:jokergrafisk
ID: 20358724
Hi!

Server center:

139.96.57.0/24
GW 139.96.57.1

Sales office:

192.9.110.0/24
GW 192.9.110.2

Rules on ISA server:

Allow all outbound traffic to the VPN net, and vice versa.

I added a route on the ISA server: Route add 192.9.110.0 MASK 255.255.255.0 GW 192.9.110.2. Now it's working from the server center, but only one way.

I can now ping all hosts on 192.9.110.0 from 139.96.57.0, but not the other way.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20360241
Both those subnets are on public addresses - do you actually use public IP addressing for the internal networks?
The rule I would expect to see would be allow All protocols FROM internal & VPN net TO internal & VPN net (you can limit it afterwards to just what you want to pass).

Have you got the converse static route on at the Checkpoint end?

Open the ISA GUI
Select monitoring - logging - click start query
Try the connection from the CP end - what do you see in the log?

0
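Added example, not part of the thread: a small Python model of the two checks suggested in the comment above (allow rules in both directions, converse route at the Checkpoint end), using the subnets from the thread. The host addresses, the lan/tunnel/wan labels and both Checkpoint configurations are constructed for illustration and are not the poster's actual settings.

```python
import ipaddress as ip

SERVER = ip.ip_network("139.96.57.0/24")   # server center subnet (from the thread)
SALES = ip.ip_network("192.9.110.0/24")    # sales office subnet (from the thread)

def route(gw, addr):
    """Longest-prefix match in the gateway's route table; None if nothing matches."""
    hits = [(net, via) for net, via in gw["routes"] if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def allowed(gw, src, dst):
    """True if a rule lets src open a NEW session to dst (replies ride on state)."""
    return any(src in s and dst in d for s, d in gw["rules"])

def ping(src, dst, near, far):
    """Trace an echo request and its reply across both gateways; return a verdict."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for gw, want in ((near, "tunnel"), (far, "lan")):      # request path
        if route(gw, dst) != want:
            return f"{gw['name']}: no route to {dst}"
        if not allowed(gw, src, dst):
            return f"{gw['name']}: policy denies {src} -> {dst}"
    for gw, want in ((far, "tunnel"), (near, "lan")):      # reply path
        if route(gw, src) != want:
            return f"{gw['name']}: no return route to {src}"
    return "ok"

def gateway(name, lan, remote, rules, remote_route=True):
    """Build a modelled gateway: LAN route, default route, optional tunnel route."""
    routes = [(lan, "lan"), (ip.ip_network("0.0.0.0/0"), "wan")]
    if remote_route:
        routes.append((remote, "tunnel"))
    return {"name": name, "routes": routes, "rules": rules}

BOTH = [(SERVER, SALES), (SALES, SERVER)]
isa = gateway("isa", SERVER, SALES, BOTH)
# Constructed case A: Checkpoint policy only admits sessions opened from the server center.
cp_policy = gateway("checkpoint", SALES, SERVER, [(SERVER, SALES)])
# Constructed case B: no converse route, so 139.96.57.0/24 follows the default route.
cp_noroute = gateway("checkpoint", SALES, SERVER, BOTH, remote_route=False)

if __name__ == "__main__":
    # Host addresses .10 and .20 are constructed sample hosts.
    for label, cp in (("policy gap", cp_policy), ("missing route", cp_noroute)):
        print(label, "| server->sales:", ping("139.96.57.10", "192.9.110.20", isa, cp))
        print(label, "| sales->server:", ping("192.9.110.20", "139.96.57.10", cp, isa))
```

In this model a missing converse route breaks pings in both directions, while a rule that covers only one direction breaks only the sessions opened from the denied side.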
 

Author Comment

by:jokergrafisk
ID: 20372806
Hi!

Yes, we have some strange subnets ;)

I think the problem is the Safe@office.

It has to be something with routing.

Anyway, I give up.

Installing ISA server in the other location now.


0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 20375580
:) Good move.
0
