ISA 2004, XP firewall, isp routers?

Our isp offers a private network service. Main office has an ip of 192.168.10.x with a router at Remote office is 192.168.9.x with a router at At the SBS I add a route from the command prompt route add -p mask

Server is running SBS SP1 with ISA 2004.  Two nics. In ISA I add as part of the internal network.

Remote users cannot see the main office network. This is frustrating because I have 2 other accounts running ISA 2000 that can see all the computers at both the main office and the remote office. Remote office can “see” the SBS with a start-run \\companysbs. They cannot see the application server using similar command. I add the route print -p on the application server and now the remote site can “see” the main office servers. Fine and dandy but the main office has a workstation with a share that we need to access. No luck at all. If we make a Microsoft pptp vpn connection they can see shares on main office XP workstations. Ido everything I can think off so I give up and call Microsoft support.

We describe the situation. The isp describes their routing as virtual private network. The support team latches on to that. I try more than once to explain that they need to think of that connection as pure plain jane routing. Nothing private about it. Well it is private but I do not want them focussing on that. We load netmon to look at what the workstation and the SBS are doing. I tried to make a quick Visio sketch to explain the network. I guess I did not do a great job. The tech mentions that the workstation trace is getting stopped rather abruptly. It was late so I sent the traces to her for more analysis. She was in class the next few days so she passed the case on.

I disable smb signing on the server after I saw some smb stuff in the logs. After gpupdate /force on the server, the XP share, and the remote workstations things seem to be working. Next day it is not working. The night before only 4 of the 8 machines were turned on. I downloaded XP Support Tools. I ran netstat status to see what machine at the remote site was the master browser. I went to the remote site and did the gp updates. At the same time I disabled the computer browser service. After disabling the browser  on all workstations and numerous reboots the only thing showing up in Network Neighborhood were the main office computers. OK. When I click on the XP machines I still get an error message. I forgot the message but I think it was something about computer not available. Maybe something else but it was 5 days ago so I forgot the exact message.

I start another call. They are trying to get me to do stuff in ISA regarding vpn. I once again mention that they are on the wrong track with vpn stuff. I am put on hold for a long time. I go to another XP machine with a few shaes that has the same browsing issues. I dig around in the XP firewall and I see that you can turn on logging. I turn on logging and start a connection. I see the remote connection getting whacked. I make a vpn connection and I see everyting coming in as expected. OK, now I know it is an XP firewall issue. I dig around and I find the Group Policy regarding the XP firewall. I see that I can add additional networks. I add the remote office network. At the XP machine I do gpupdate /force. I disconnect the vpn at the remote workstation and now can connect to the XP machine at the main office.




Leave a Reply

Your email address will not be published. Required fields are marked *