Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 21 replies
  • Subscribers 1 subscriber
  • Views 15895 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN clients need special gateway and internal IP

LoD
Hello @ all,

we have just moved from ISA Server 2006 to ASG (Full Guard) and now I discovered a major problem:

We are using an ERP application client which connects via telnet to the hoster's network. Within our company's intranet the ip address 192.168.143.1 (cisco; fully managed by the hoster) routes this telnet sessions. Only workstations from within a specified range (10-72) are allowed to transmit packets through the cisco.

In the past I had the following setup:
- internal DHCP-Server with classless routing configured (DHCP-Range: 10-99)
- DHCP-pool matches the specific allowed intranet-range
- reservations for ERP-using clients
- ISA-server uses this address pool
- vpn enabled users are in an security group
- each vpn enabled user had a static ip configured for dialing in

Now how can I configure our new astaro to fullfill the basic requirements for the application to work?

Any help is greatly appreciated.

Regards,
LoD


This thread was automatically locked due to age.
Parents
  • 0
    You're right - no RADIUS Group is used in PPTP or L2TP Remote Access.  I didn't read Post #12 closely enough before.  You said you specified "Radius Client IP == astaro-internal-bridge-red" in the NPS settings - I think that's your problem.  Just specify pptp and the Security Group allowed to use it.

    Did that work?

    Cheers - Bob
  • 0 in reply to BAlfson
    Hi Bob,

    wish I could give positive reply. Unfortunately it's still the same. 691 / 734 error.  All logfiles show the same as before deleting the gateway.

    I don't know what to try next. Maybe I forgot some NPS basics? But which of them can influence to authentication method. I'd say it's fact that the mistake must be with the NPS-authentication?


    greetinx
    LoD
Reply
  • 0 in reply to BAlfson
    Hi Bob,

    wish I could give positive reply. Unfortunately it's still the same. 691 / 734 error.  All logfiles show the same as before deleting the gateway.

    I don't know what to try next. Maybe I forgot some NPS basics? But which of them can influence to authentication method. I'd say it's fact that the mistake must be with the NPS-authentication?


    greetinx
    LoD
Children
No Data