IT definitions, discussions and more
VPN Clients can not access internal network through ISA 2006
I had a VPN access setup through ISA server 2006 that allow remote access users with dial-in permission to access the internal corporate network and it was working fine for several months, and suddenly we found that the remote access users can successfully dial-in and authenticate with no problems but they can not access any internal network resources. I tried to monitor the connection though ISA server monitoring tool but I could not find any records related to it. Tried also to look in the Routing and Remote access service, the server event logging, also with no luck.
Tried to search on the internet and I found some post talking about the default gateway which gave me a hint.
I have reviewed what changes we made recently, and I found the problem.
Recently, we made another subnet for users separate from the servers subnet and there is a router route traffic between them, and we changes the DHCP server IP address to be in the new subnet with default gate way of the new subnet.
The ISA VPN client access setup was configured to assign IP addresses from the DHCP server of the new users subnet, and the IP address is given to the users with no problem, but we noticed that the default gateway of the VPN clients is the default gateway of the users subnet, and when they try to access internal network through ISA server they can not, that’s because the ISA server access the internal network through the servers gateway not the users gateway.
I solved the problem by changing the VPN configuration of the ISA server to assign the IP address from a static pool in the servers subnet instead of the DHCP server and the problem was solved.