Solved

VPN connection through ISA

Posted on 2009-07-15
12
460 Views
Last Modified: 2012-06-27
I configured ISA in my Office LAN to receive VPN connection and assign IP to VPN clients automatically using my DHCP server. I can open a VPN connection and be connected fromn home to Office now and I am assigned an IP addres, but my problem is that I am not able to browse any of the servers on my Office LAN.
I did ipconfig /all and I fpund that the Subnet Mask is 255.255.255.255 and the gateway is the same IP that assigned to my VPN connection.
Any hints on ow to be able to navigate into my Office LAN?
0
Comment
Question by:first_MCITP
  • 6
  • 6
12 Comments
 
LVL 23

Expert Comment

by:rhandels
ID: 24857136
Did you make sure your routing is in place?? Your VPN clients should receive a good ip address, good DNS server and off course a good default gateway. Also, all computers on your network (or at least the one you would like to connect to) need to have a default gateway for the ip address (or range) your VPN client has. It could be you used a range for your BVPN clients that are not routable thorugh your network..
0
 
LVL 1

Author Comment

by:first_MCITP
ID: 24857209
you are right, this should happen but i don't know why VPN users are not getting the same GW as the local PC. Knowing that both are getting IP from the same DHCP server
0
 
LVL 23

Expert Comment

by:rhandels
ID: 24857235
Are you sure that your DHCP server is handing out ip addresses to the machines?? If you are using ISA there is a possibility that your ISA server is handing out the ip addresses in stead off your DHCP server itself..
0
 
LVL 1

Author Comment

by:first_MCITP
ID: 24857281
How to check it?
0
 
LVL 23

Expert Comment

by:rhandels
ID: 24857292
Do an ipcondig on your VPN machine (and preferably a route print) and check if that ip address is in your DHCP range.
Also, change the ip addresses you set up on your ISA server  for the VPN client to be a class that is outside of your DHCP servers scope.. If they are both in the same scope you can never determen what DHCP server is passing out the ip addresses..
0
 
LVL 1

Author Comment

by:first_MCITP
ID: 24857304
The DHCP IP range is x.x.x.1 till x.x.x.200 and my isa ip is .254. the IP assigned to the VPN client is x.x.x.119 which is included in DHCP
What do you think?
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 23

Expert Comment

by:rhandels
ID: 24857439
If you look at your ISA server and it's RRAS properties (you are using RRAS for VPN connections right??) check and see if there are any option there if it is giving out ip addresses... If your local clients do have a default gateway and your VPN clients don't i guess they are receiving their ip address from a diferent source..
0
 
LVL 1

Author Comment

by:first_MCITP
ID: 24857782
no it's not the case, both users and ISA have the same G.W internally and the ISA has a different G.W on the External NIC
0
 
LVL 23

Expert Comment

by:rhandels
ID: 24857820
Sorry, but i believe we are talking about something else.. I mean the configuration of your VPN clients.. The default gateway of your internal servers will be ok, else you would have way more problems than only the VPN clients unable to access the network..

So what you need to find out is if RRAS or your internal DHCP server is handing out ip addresses to the VPN clients. Also, you should check and see if the ip addresses your VPN clients are receiving are being routed ok..
0
 
LVL 1

Author Comment

by:first_MCITP
ID: 24901373
I configured the DHCP relay Agent on RRAS, the same as it was configured before but it still the same problem
0
 
LVL 23

Expert Comment

by:rhandels
ID: 24902171
Could you please do an ipconfig /all on the VPN clients and post it?? Because in my opinion your VPN clients don't have defasult gateways, or at least have an issue with going externally.. Could you also try to do a tracert to an extrenal site like google when loggenm in with VPN? (so all this needs to be done on the client itself, not the server).
0
 
LVL 1

Accepted Solution

by:
first_MCITP earned 0 total points
ID: 24949844
I solved it Guys;
Whenever you connect to a vpn the same will happen, so the mask will be 255.255.255.255, the IP and the gateway will be the same. Once I created a rule in ISA allowing VPN users to access internal network, it was done and solved.
Now I can access my LAN
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now