Site to Site VPN interesting issue

ripzeus · #1 (**permalink**) 02-09-2010, 06:04 PM

Hello all,

Got an interesting issue going on here.

Ok i got all the SSL, L2TP, PPTP VPN's working. I even got SSL and Ipsec site to site vpn's working too.

Now the problem at hand, is when I turn the Site to Site VPN on be it SSL or IPSEC the client remote network (client astaro) can not get to Servers that have differnt gateways.

I have an email server that is running behind an ISA 2006 firewall. Now when i connect, for example my laptop to the SSL VPN or L2TP VPN i can access the email server and all resources just fine.

Now when i connect to the remote sites network with the site to site to vpn. I can't get to any of my servers that are on a differnt gateway than the astaro box.

My local firewall servers are ISA 2006, IP is 192.168.1.1 and Astaro, IP is 192.168.1.2 and my remote firewall astaro is 172.20.20.1

The tunnel connects and works just fine. I can ping both ends if the computers are on the same gateway. But if the server is on my gateway that ISA 2006 handles. I can't access that server/computer from my remote astaro network.

Also the only other issue i am having is i can't seem to resolve names to IP's in Windows.

Any help would be greatful

thnx

And ISA is not an option to remove.

ripzeus · #2 (**permalink**) 02-09-2010, 10:48 PM

I figured it out.

If you want the answer. PM me.

Whity · #3 (**permalink**) 02-10-2010, 06:38 AM

Please post the answer here.

There is nothing i hate more than asking a question in a forum and then not providing the answer after you could solve it.

ripzeus · #4 (**permalink**) 02-10-2010, 02:25 PM

Quote:

Originally Posted by Whity

Please post the answer here.

There is nothing i hate more than asking a question in a forum and then not providing the answer after you could solve it.

While I agree with you, the one thing I hate the most is that people can't find the time to post a question or a possible solution.

I will post the fix when I get home tonight.

BAlfson · #5 (**permalink**) 02-10-2010, 09:16 PM

Thanks in advance, Ripzeus. Sometimes, the turn-around here is hours, and sometimes it's days. If Whity or I had seen this before you found the answer, we would have had the answer for you.

To get some tips about name resolution, google: site:astaro.org dns best practice

Welcome to Astaro!

Cheers - Bob

ripzeus · #6 (**permalink**) 02-11-2010, 02:03 PM

Quote:

Originally Posted by BAlfson

Thanks in advance, Ripzeus. Sometimes, the turn-around here is hours, and sometimes it's days. If Whity or I had seen this before you found the answer, we would have had the answer for you.

To get some tips about name resolution, google: site:astaro.org dns best practice

Welcome to Astaro!

Cheers - Bob

I am going to have to look tonight at what i did. Sorry i didn't get a chance to post what i did to resolve the issue i had. Been busy here at work.

I will try and post the fix tonight when i get home. Yey for 12 hour shifts \o/

ripzeus · #7 (**permalink**) 02-16-2010, 03:22 PM

Simple little fix.

Just add the remote network to the Allowed Networks under DNS, and in the Fowarders TAB add in your DNS servers from the internal network

I'm kinda kicking myself on how easy this is

Dawley · #8 (**permalink**) 02-17-2010, 04:24 PM

We have occasional issues with DNS resolution for our VPN users. The VPN user enters an internal domain name and it won't resolve.

I added our VPN network to the "Allowed Networks". Thanks for the tip!