[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 431
  • Last Modified:

ISA 2006 VPN Connection

I've set-up a VPN connection using ISAs wizards and have managed to connect my laptop to the VPN and obtain an IP address via DHCP. I cannot however access any machines on the internal network nor has the DHCP given out the correct default gateway of the internal network, IPCONFIG shows default gateway as 0.0.0.0. Any ideas what could be wrong?
0
EdMacFly
Asked:
EdMacFly
  • 5
  • 4
1 Solution
 
EdMacFlyAuthor Commented:
As a further note, the machine that is connecting is a Windows 7 machine. Also, within the ISA Alerts, it appears that the VPN connection has triggered an IP spoofing warning.
0
 
Mohamed KhairyEnterprise Solutions ArchitectCommented:
Did you create the firewall policy that enable the communication from VPN network to Internal network?

Also, Go to networking and tell me what is the network rule relation on the VPN network rule.


VPN-Policy.jpg
VPN-NETWork.jpg
0
 
EdMacFlyAuthor Commented:
Both the rule and policy look the same as your screenshots.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Mohamed KhairyEnterprise Solutions ArchitectCommented:
Ok, make confirm that you can ping the internal network from the localhost.

Also, try to change the DHCP option on the ISA server to be taken from static address range.

0
 
EdMacFlyAuthor Commented:
I cannot ping from the VPN client. Should I try setting a static address or has that revealed the problem?
0
 
Hisham_ElkouhaCommented:
try creating a new rule that allow connection from VPN clients and Local host to Internal Network
0
 
EdMacFlyAuthor Commented:
That's done it! Excellent. After connecting I could ping the ISA box using it's name but I could not ping the DC using it's name nor could I connect to it without using it's IP address. Any idea why that information is not getting through?
0
 
Mohamed KhairyEnterprise Solutions ArchitectCommented:
I can see from the previous steps that the error may be in the DHCP, you said that you can successfuly taking an Ip address from the DHCP and the error in the default gateway so we can make one more check on the DHCP options as follow:

Go to the DHCP and open the scope that you were assigned before to the VPN users and check the scope option for router ( optionn 003 ) and make confirm that the correct GW is available.

0
 
Mohamed KhairyEnterprise Solutions ArchitectCommented:
Also check the DNS setting on the DHCP scope options.
0
 
EdMacFlyAuthor Commented:
Right! I've checked those points and everything seems fine. I can now access internal resources so that is good and have also found that I can make an rdp connection to the DC using it's FQDN rather than just it's name which is fine.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now