Solved

Site to Site IPsec VPN between ISA 2004 and Netgear FVS318

Posted on 2008-09-29
5
653 Views
Last Modified: 2012-05-05
I currently have two ISA Server 2004 systems setup that I am trying to establish Site to site vpn connections with a Netgear FVS316 VPN router.  I am able to establish the connections but and I believe that the comminication is only one-way.  When I am connected to a machine that is behind the Netgear, I can ping any system that is behind either of the two ISA servers.  I can also ping any system that is behind the netgear from any machine that is behind either of the two ISA servers.  What I cannot do is ping any system behind the netgear if I am actually on either of the two ISA servers.  I believe that this a configuration issue within my ISA servers.  My Netgear indicates, in the VPN status dialog, that both of my connections are established.  So my question is, why can I not ping the Netgear or any machine that is behind it, when I am actually on either of the two ISA servers?  It would seem to me that if I can ping the systems on the Netgear from any machine that is behind the ISA servers that I should be able to ping directly from the ISA server itself.

Any help is appreciated!
0
Comment
Question by:xirtic
  • 3
  • 2
5 Comments
 
LVL 5

Accepted Solution

by:
NutrientMS earned 250 total points
ID: 22600106
Hi,

You should have a rule in ISA that allows traffic to flow between the networks (Internal) on your ISA to your VPN Site network.  What you may not have, is Localhost set as a FROM address.  Basically, this means you can have all clients behind the ISA server right to ping the netgear and everything behind it, but not the actual ISA server itself.

Post what this rule looks like if you have no joy reconfiguring it.
0
 

Author Comment

by:xirtic
ID: 22600448
I am assuming you mean a firewall policy for the VPN connection that has localhost listed in the From dialog.  It is configured this way currently!
0
 
LVL 5

Expert Comment

by:NutrientMS
ID: 22600711
On your isa server run a log where client ip = <ISA SERVER IP ADDRESS> and see what happens when you ping.  See if you get "DENIED - DEFAULT RULE" or what happens...
0
 

Author Comment

by:xirtic
ID: 22601338
I ran a trace on the ISA server but could not get anything to come back.  One thing that I did notice was that when I tried to ping the Netgear box from the ISA server, it came back with "Negotiating IP Security" as opposed to "Response Timeout".  Not quite sure what this means.
0
 

Author Comment

by:xirtic
ID: 23514603
I figured the problem
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question