Sam
Thu Jul 15 07:10:38 CDT 2004
THanks for all your help Javier,
I have in the end had to bypass ISA Server and just use
te firewall built into the router because they needed it
up and running.
Thanks Sam.
>-----Original Message-----
>Where did you run the route command? in the SBS server
or a workstation?
>
>Make sure that you ran the command "route add -p
192.168.2.0 mask
>255.255.255.0 192.168.16.1" on the SBS server and that
both subnets are on
>the ISA LAT. You should be able to ping everything. If
this doesn't work,
>you may want to post an IPconfig /all of both servers
and maybe a route
>/print.
>
>--
>Javier [SBS MVP]
>
><< SBS ROCKS !!! >>
>
>"Sam Johnson" <sam@dextrafile.co.uk> wrote in message
>news:2bca301c468c1$68c0d020$a401280a@phx.gbl...
>> Thanks Javier,
>>
>> Diagram below:
>>
>> Remote Office:
>>
>> NIC1
>> Clients (192.168.2.0, 255.255.255.0)and W2K Server
>> (192.168.2.2, 255.255.255.0)
>> Switch
>> Router (192.168.2.1, 255.255.255.0) + Public IP
>> Internet
>>
>> HeadOffice:
>>
>> NIC1
>> Clients (192.168.0.0, 255.255.255.0)and SBS2K Server
>> (192.168.0.2, 255.255.255.0)
>> Switch
>> ISA Firewall
>> NIC2
>> Server Public IP
>> Router (192.168.0.1, 255.255.255.0) + Public IP
>> Internet
>> ______
>> | Svr |
>> | ISA | |--------|
>> | | | Switch |
>> _______ |-|N2 N1|---|________|-----Clients
>> |Rtr____|-| |______|
>>
>>
>> Hmmm, I hope this all looks ok!
>>
>> Many thanks Javier,
>>
>> Sam.
>>
>>
>>
>>
>> >-----Original Message-----
>> >Can I get a diagram of your current setup with IPs and
>> subnets? I'm having
>> >issues understanding what did you end up doing and
which
>> routers/computers
>> >have trouble talking to.
>> >
>> >Something along the lines of this should be ok, for
each
>> office:
>> >
>> > Internet
>> > | (public IP)
>> > router
>> > | (192.168.x.y)
>> > --------------
>> > | |
>> > SBS Workstations
>> >
>> >--
>> >Javier [SBS MVP]
>> >
>> ><< SBS ROCKS!!! >>
>> >
>> >"Sam Johnson" <sam@dextrafile.co.uk> wrote in message
>> >news:2bf8c01c46846$fe6974e0$a301280a@phx.gbl...
>> >> Hi Javier,
>> >>
>> >> Thankyou very much for your response. I have
followed
>> it
>> >> through and setup the persistent route. I have also
>> >> changed the router address to 192.168.0.1 and run
the
>> >> ICW. So now my clients can browse the net still and
I
>> can
>> >> ping the branch office from a laptop directly into
the
>> >> router. However I cannot ping the router from the
>> server
>> >> at 192.168.0.2 I guess becasue it is not physically
>> >> connected but I could ping the router from the
server
>> >> before when the router was at 192.168.1.1 I don't
>> >> understand why that is the case?
>> >>
>> >> However the main problem is still being able to ping
>> the
>> >> server from the bramch office (I can ping the HQ
>> router).
>> >>
>> >> I hope this all makes sense.
>> >>
>> >> Thanks again Sam.
>> >>>-----Original Message-----
>> >>>Hi Sam!
>> >>>
>> >>>In reality the "problem" here is keeping ISA and
having
>> >> the VPN using
>> >>>routers. If you take ISA out of the picture then it
>> >> makes it a lot easier
>> >>>because you only need to reconfigure the clients
*not*
>> >> to use ISA (which is
>> >>>the step you I think you are missing). Reconfiguring
>> the
>> >> client means taking
>> >>>out the ISA Client, the proxy parameters and using
the
>> >> router as default
>> >>>gateway.
>> >>>
>> >>>However, keeping ISA here is not impossible and I
would
>> >> highly recommend
>> >>>leaving it there especially if you want to control
>> >> internet access the way
>> >>>ISA does. There are several ways to do it, but I
think
>> >> this post should help
>> >>>you get started...
>> >>>
http://groups.google.com/groups?hl=en&lr=&ie=UTF-
>> >> 8&selm=2eac5d02.0405131207.6d547a8d%
>> 40posting.google.com
>> >>>Please let me know if you have questions!
>> >>>
>> >>>Cheers,
>> >>>
>> >>>--
>> >>>Javier [SBS MVP]
>> >>>
>> >>><< SBS ROCKS !!! >>
>> >>>
>> >>>"Sam Johnson" <sam@dextrafile.co.uk> wrote in
message
>> >>>news:2ac8701c467ed$226ceb10$a501280a@phx.gbl...
>> >>>> Hi there,
>> >>>>
>> >>>> I have a client with 2 offices. They have a SBS2K
>> >> server
>> >>>> at head office with 20 clients mainly running XP
Pro.
>> >> The
>> >>>> SBS runs Exchange and ISA with 2 nics. The Branch
>> >> office
>> >>>> has a W2K server with about 5 clients on W2K Pro
or
>> XP
>> >>>> Pro. The W2K server just has 1 nic.
>> >>>>
>> >>>> At each Site there is a Vigor ADSL Router with
ISDN
>> >> backup
>> >>>> (not setup). I have enabled a IPSEC VPN between
the
>> two
>> >>>> routers (I have also tried using PPTP which made a
>> >> tunnel
>> >>>> fine but did not solve the following problem). I
can
>> >> ping
>> >>>> between a laptop plugged into the routers and I
can
>> >> ping
>> >>>> from HQ to the server at the branch office but I
>> cannot
>> >>>> ping the server at HQ. I have adjusted some
settings
>> in
>> >>>> ISA and can now ping the internal router address
at
>> HQ
>> >>>> 192.168.1.1 but the server lies at 192.168.0.2 and
>> >> cannot
>> >>>> be seen.
>> >>>>
>> >>>> However I have bypassed the ISA server and changed
>> the
>> >>>> router address to 192.168.0.1 (then re-ran ICW)
and
>> >>>> physically linked it to the switch and thus same
>> >> subnet.
>> >>>> I then setup a static route in Routing and Remote
>> >> Access
>> >>>> from the HQ server to the router and network
>> addresses
>> >> at
>> >>>> branch office and this pinged ok. However the
>> internet
>> >>>> access at HQ was then disabled and I don't know if
>> that
>> >>>> is the answer to the problem rather just it proves
>> that
>> >>>> somewhere in ISA Server the route is blocked. I
have
>> >>>> enabled IP Routing in ISA server for packet
filtering
>> >> but
>> >>>> to no avail.
>> >>>>
>> >>>> I am really at a loss as how to talk through ISA
>> >> server.
>> >>>> I have setup the branch office network address
>> >>>> 192.168.2.0 up in the LAT on ISA Server but still
no
>> >> good.
>> >>>>
>> >>>> Is it easier to bypass ISA in the end? Does ISA
>> require
>> >>>> another ISA Server at the branch office? Would it
be
>> >>>> simpler to network 2 ISA Server's? I can VPN in
>> using a
>> >>>> windows VPN client and RDP to the server using the
>> >>>> server's external IP address on the internet.
>> >>>>
>> >>>> Does this all make sense? Any ideas?
>> >>>>
>> >>>> Many thanks Sam.
>> >>>
>> >>>
>> >>>.
>> >>>
>> >
>> >
>> >.
>> >
>
>
>.
>