Isa server 2006

  • Isa server 2006

    Hi.

    I have installed ISA 2006 on a W2K3 box in a W2K8 domain.

    I have configured ISA as a VPN server and dynamic IP addresses for VPN clients (I have DHCP on the network).

    I created a VPN connection on my home computer (Vista Ult. x64) and I successfully connect to the VPN server and I can ping all running remote servers.


    The problem is that I can establish an RDP session through the VPN only to the DC. I can't establish RDP to other servers. (When I establish an RDP session to the DC, from the DC I can connect to other servers through RDP.)

    I can ping only IP addresses, no names. The DHCP server is configured to lease all config, including the DNS server IP (DNS is the DC).

  • #2
    Re: Isa server 2006

    Are you getting a DNS server when connected?
    Have you created a firewall rule between the VPN clients and the internal network?
    Have you set up the correct route (or NAT) relationships between the networks?
    Have you tried giving out static addresses (you can configure a static IP pool in the ISA console) to see if this works out?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: Isa server 2006

      Originally posted by Dumber:
      Are you getting a DNS server when connected?
      Have you created a firewall rule between the VPN clients and the internal network?
      Have you set up the correct route (or NAT) relationships between the networks?
      Have you tried giving out static addresses (you can configure a static IP pool in the ISA console) to see if this works out?

      Partially solved...

      Added network "VPN Clients" to "Internal Communications" rule... Now I can ping (and RDP) every server using FQDN, but can't ping the DC.

      When pinging the FQDN of the DC I get an IP addr of the ISP's DNS (without reply).


      Configured routing between VPN clients to internal network, where source is "VPN clients and Quarantined VPN Clients" and destination is "Internal Network"



      • #4
        Re: Isa server 2006

        Are you getting the DNS servers of the internal domain or an external DNS?
        What happens if you issue nslookup?


        • #5
          Re: Isa server 2006

          I get an external DNS IP.

          My PC is a member of a domain and a VPN client for ISA. From my computer I connect to the VPN server (ISA 2006), which is in another company and a different domain than my own. (I'm an Admin in both companies.)

          After I'm connected to the VPN, I run nslookup from cmd and get my local domain DNS server.

          When I ping a remote DC that I should access through the VPN, I get their external DNS IP (DNS IP of the ISP). I can only ping it by IP address.



          • #6
            Re: Isa server 2006

            Well in that case it explains why it goes wrong.
            Have you checked the DHCP scope and have you tried giving out static addresses (you can configure a static IP pool in the ISA console) to see if this works out?


            • #7
              Re: Isa server 2006

              No, I haven't tried static addressing. ISA is running all the time so I can't experiment.

              10 IP addresses from the DHCP scope were reserved automatically by RAS when I configured VPN on ISA.

              I can ping all computers in the domain by name except the Domain Controller...


              Now I have a demand that VPN users must use smart cards for logon.

              But that is for another topic...
