Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

VPN connection through ISA

Posted on 2009-07-15
12
Medium Priority
?
468 Views
Last Modified: 2012-06-27
I configured ISA in my Office LAN to receive VPN connection and assign IP to VPN clients automatically using my DHCP server. I can open a VPN connection and be connected fromn home to Office now and I am assigned an IP addres, but my problem is that I am not able to browse any of the servers on my Office LAN.
I did ipconfig /all and I fpund that the Subnet Mask is 255.255.255.255 and the gateway is the same IP that assigned to my VPN connection.
Any hints on ow to be able to navigate into my Office LAN?
0
Comment
Question by:first_MCITP
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
12 Comments
 
LVL 23

Expert Comment

by:rhandels
ID: 24857136
Did you make sure your routing is in place?? Your VPN clients should receive a good ip address, good DNS server and off course a good default gateway. Also, all computers on your network (or at least the one you would like to connect to) need to have a default gateway for the ip address (or range) your VPN client has. It could be you used a range for your BVPN clients that are not routable thorugh your network..
0
 
LVL 1

Author Comment

by:first_MCITP
ID: 24857209
you are right, this should happen but i don't know why VPN users are not getting the same GW as the local PC. Knowing that both are getting IP from the same DHCP server
0
 
LVL 23

Expert Comment

by:rhandels
ID: 24857235
Are you sure that your DHCP server is handing out ip addresses to the machines?? If you are using ISA there is a possibility that your ISA server is handing out the ip addresses in stead off your DHCP server itself..
0
Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

 
LVL 1

Author Comment

by:first_MCITP
ID: 24857281
How to check it?
0
 
LVL 23

Expert Comment

by:rhandels
ID: 24857292
Do an ipcondig on your VPN machine (and preferably a route print) and check if that ip address is in your DHCP range.
Also, change the ip addresses you set up on your ISA server  for the VPN client to be a class that is outside of your DHCP servers scope.. If they are both in the same scope you can never determen what DHCP server is passing out the ip addresses..
0
 
LVL 1

Author Comment

by:first_MCITP
ID: 24857304
The DHCP IP range is x.x.x.1 till x.x.x.200 and my isa ip is .254. the IP assigned to the VPN client is x.x.x.119 which is included in DHCP
What do you think?
0
 
LVL 23

Expert Comment

by:rhandels
ID: 24857439
If you look at your ISA server and it's RRAS properties (you are using RRAS for VPN connections right??) check and see if there are any option there if it is giving out ip addresses... If your local clients do have a default gateway and your VPN clients don't i guess they are receiving their ip address from a diferent source..
0
 
LVL 1

Author Comment

by:first_MCITP
ID: 24857782
no it's not the case, both users and ISA have the same G.W internally and the ISA has a different G.W on the External NIC
0
 
LVL 23

Expert Comment

by:rhandels
ID: 24857820
Sorry, but i believe we are talking about something else.. I mean the configuration of your VPN clients.. The default gateway of your internal servers will be ok, else you would have way more problems than only the VPN clients unable to access the network..

So what you need to find out is if RRAS or your internal DHCP server is handing out ip addresses to the VPN clients. Also, you should check and see if the ip addresses your VPN clients are receiving are being routed ok..
0
 
LVL 1

Author Comment

by:first_MCITP
ID: 24901373
I configured the DHCP relay Agent on RRAS, the same as it was configured before but it still the same problem
0
 
LVL 23

Expert Comment

by:rhandels
ID: 24902171
Could you please do an ipconfig /all on the VPN clients and post it?? Because in my opinion your VPN clients don't have defasult gateways, or at least have an issue with going externally.. Could you also try to do a tracert to an extrenal site like google when loggenm in with VPN? (so all this needs to be done on the client itself, not the server).
0
 
LVL 1

Accepted Solution

by:
first_MCITP earned 0 total points
ID: 24949844
I solved it Guys;
Whenever you connect to a vpn the same will happen, so the mask will be 255.255.255.255, the IP and the gateway will be the same. Once I created a rule in ISA allowing VPN users to access internal network, it was done and solved.
Now I can access my LAN
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Is your computer hacked? learn how to detect and delete malware in your PC
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question