Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Site to Site IPsec VPN between ISA 2004 and Netgear FVS318

Posted on 2008-09-29
5
Medium Priority
?
658 Views
Last Modified: 2012-05-05
I currently have two ISA Server 2004 systems setup that I am trying to establish Site to site vpn connections with a Netgear FVS316 VPN router.  I am able to establish the connections but and I believe that the comminication is only one-way.  When I am connected to a machine that is behind the Netgear, I can ping any system that is behind either of the two ISA servers.  I can also ping any system that is behind the netgear from any machine that is behind either of the two ISA servers.  What I cannot do is ping any system behind the netgear if I am actually on either of the two ISA servers.  I believe that this a configuration issue within my ISA servers.  My Netgear indicates, in the VPN status dialog, that both of my connections are established.  So my question is, why can I not ping the Netgear or any machine that is behind it, when I am actually on either of the two ISA servers?  It would seem to me that if I can ping the systems on the Netgear from any machine that is behind the ISA servers that I should be able to ping directly from the ISA server itself.

Any help is appreciated!
0
Comment
Question by:xirtic
  • 3
  • 2
5 Comments
 
LVL 5

Accepted Solution

by:
NutrientMS earned 750 total points
ID: 22600106
Hi,

You should have a rule in ISA that allows traffic to flow between the networks (Internal) on your ISA to your VPN Site network.  What you may not have, is Localhost set as a FROM address.  Basically, this means you can have all clients behind the ISA server right to ping the netgear and everything behind it, but not the actual ISA server itself.

Post what this rule looks like if you have no joy reconfiguring it.
0
 

Author Comment

by:xirtic
ID: 22600448
I am assuming you mean a firewall policy for the VPN connection that has localhost listed in the From dialog.  It is configured this way currently!
0
 
LVL 5

Expert Comment

by:NutrientMS
ID: 22600711
On your isa server run a log where client ip = <ISA SERVER IP ADDRESS> and see what happens when you ping.  See if you get "DENIED - DEFAULT RULE" or what happens...
0
 

Author Comment

by:xirtic
ID: 22601338
I ran a trace on the ISA server but could not get anything to come back.  One thing that I did notice was that when I tried to ping the Netgear box from the ISA server, it came back with "Negotiating IP Security" as opposed to "Response Timeout".  Not quite sure what this means.
0
 

Author Comment

by:xirtic
ID: 23514603
I figured the problem
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question