VPN client route over site to site vpn ISA 2006
- I have enabled VPN client access and created a site to site VPN (ipsec)
The VPN clients are on 10.10.20.x (RRAS assigned)
The ISA is on 10.10.10.x lan
The remote site is 147.89.x.x
How do I get the VPN clients to route to the remote network? Currently they just route over their normal default gateway.
We used to have this setup on a Cisco and it automatically placed an entry in the routing table of the clients for 147.89.x.x, but I can't see how to do it with ISA
Answers
Hi,
Just as you said, if split-tunneling is enabled, you need to add a static route to the client.
Regards,
Nick Gu - MSFT
- Marked as answer by Nick Gu - MSFT (MSFT, Moderator), 4 December 2009 4:07
All replies
Hi,
Thank you for the post.
In ISA Server, you can create the network rules (Route) for the Internal network and the VPN site network. Then you should create an access rule for the VPN client to access the internal network. For more information, please refer to the following article.
http://technet.microsoft.com/en-us/library/cc302474.aspx (same as ISA 2006)
Regards,
Nick Gu - MSFT
- That is not the problem. I can connect to resources (RDP to a server) on the 10.10.10.x network from a VPN client, but a tracert to a 147.89.x.x address goes over my ADSL gateway and not the VPN client assigned route
eg Correct routing
C:\Users\ryan>tracert 10.10.10.30
Tracing route to 10.10.10.30
over a maximum of 30 hops:
1 35 ms 32 ms 52 ms 10.10.20.1
2 36 ms 36 ms 38 ms 10.10.10.30
Trace complete.
Incorrect (should also route via 10.10.20.1)
C:\Users\ryan>tracert 147.89.1.95
Tracing route to 147.89.1.95
over a maximum of 30 hops:
1 13 ms 1 ms 1 ms 192.168.1.1
2 37 ms 34 ms 50 ms lo0-plusnet.pte-ag1.plus.net [195.166.128.64]
Hi,
Thank you for the update.
According to your description, I suggest you check the VPN client configuration option and see if you have unchecked the “use default gateway on remote network”. For more information, you may read the following article.
http://www.isaserver.org/tutorials/2004fixipsectunnel.html
Regards,
Nick Gu - MSFT
- Unproposed as answer by rnc3009, 4 December 2009 9:04
- Unmarked as answer by rnc3009, 4 December 2009 9:03
- Proposed as answer by Nick Gu - MSFT (MSFT, Moderator), 3 December 2009 9:45
- Marked as answer by Nick Gu - MSFT (MSFT, Moderator), 4 December 2009 4:07
- Yes this is definitely unchecked as I turned it off intentionally. If I leave it checked then all traffic goes over the VPN which is not what I want. For instance I lose connection to my email if this is checked.
If I add a static route then the configuration works, what I want is that route to be entered automatically when the VPN connection is made as the Cisco used to do.
Hi,
Just as you said, if split-tunneling is enabled, you need to add a static route to the client.
Regards,
Nick Gu - MSFT
- Marked as answer by Nick Gu - MSFT (MSFT, Moderator), 4 December 2009 4:07
- So ISA does not have the capability to push this route to the client on connection then?
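
An added illustration, not part of the thread and not code from any poster, of the route selection behind the two traces above: it applies longest-prefix matching to a split-tunnel client routing table and reports which protected networks would leave outside the tunnel, before and after the static route is added. The table entries, metrics and the /8, /16 and /24 prefix lengths are constructed assumptions based on the addresses in the posts.

```python
import ipaddress

# Constructed client routing table (destination prefix, gateway, metric),
# modelled on the addresses in the thread; prefix lengths are assumptions.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "192.168.1.1", 25),     # ADSL default gateway stays the default
    ("192.168.1.0/24", "on-link", 25),    # client's local LAN
    ("10.0.0.0/8", "10.10.20.1", 26),     # assumed route the VPN connection adds
]
# The same table after the static route from the accepted answer is added.
WITH_STATIC = SPLIT_TUNNEL + [("147.89.0.0/16", "10.10.20.1", 26)]

PROTECTED = ["10.10.10.0/24", "147.89.0.0/16"]  # networks meant to use the tunnel
VPN_GW = "10.10.20.1"


def next_hop(table, dest):
    """Return the gateway chosen by longest-prefix match (lowest metric on a tie)."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for prefix, gateway, metric in table:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, -metric, gateway))
    if not matches:
        return None
    return max(matches)[2]


def leaks(table, protected, vpn_gateway):
    """Return protected prefixes whose first host address is not routed via the VPN.

    Only one probe address per prefix is tested, so a more specific route that
    covers just part of a prefix is not detected.
    """
    leaking = []
    for prefix in protected:
        net = ipaddress.ip_network(prefix)
        probe = str(net.network_address + 1)
        if next_hop(table, probe) != vpn_gateway:
            leaking.append(prefix)
    return leaking


if __name__ == "__main__":
    for name, table in (("split tunnel", SPLIT_TUNNEL), ("with static route", WITH_STATIC)):
        print(f"{name}: 147.89.1.95 via {next_hop(table, '147.89.1.95')}, "
              f"outside tunnel: {leaks(table, PROTECTED, VPN_GW) or 'none'}")
```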