I have a ISA 550 and I have everything I could imagine working over the IPSEC VPN but being able to sync outlook to an Exchange 2007 server. Accessing shared folders works, other client server programs work as well. I can ping the Exchange server over the VPN and address resolution for the server name or FQDN wasn't working so I added an entry in the windows host file to make sure it was resolving correctly to the IP. I've experimented with adding entries for both the server name and FQDN to the hosts and/or lmhost file in every combination without success. Every port between the VPN and LAN is open so it can't be a port issue. I've tried setting the MTU value to 1100, 576, and a few other suggestions all without success. I've read every forum topic on similar problems I could find (up to googles top 50 results) and tried every suggestions I could find all without success. Since I'm about to be out of options I thought I would ask if anyone has had similar issues? Below is a checklist to provide more info and background.
1. The ip assigned to VPN users is on the same subnet as the exchange server. I.e. user = 192.168.1.XXX and exchange server 192.168.1.XXX.
2. Assignable VPN user ips are reserved on the DHCP server.
3. Users can access network resources like shared folders and are successfully authenticated against a LDAP (active directory) server to log in.
4. Users can use other client server programs I.e. access to an SQL server works great.
is this a remote access VPN? Are you using TCP or UDP as the transport on the client, I would use UDP if you can. This is normally an MTU issue. Also make sure you are not blocking ICMP messages so that Path MTU discovery can work correctly.
It is a remote access IPSEC VPN with clients configured to use IPSEC over UDP. I went throught the troubleshooting article here http://networkadminkb.com/KB/a62/troubleshooting-mtu-path-discovery-issues-over-a-vpn-tunnel.aspx and found that the maximum packet size when pinging the server is 1072 so MTU is 1100. I receive the "packet needs to be fragmented but DF set." message when pinging over 1072 so I believe that means ICMP and path MTU discovery are working correctly. I checked that the MTU was set to 1100 on all interfaces and surprisingly the server asked for login credentials when first opening outlook but it still will not sync. I.e. "trying to connect to microsoft exchange" and then "disconnected".
Hi every one!!!When you are configuring a remote VPN connection, there
are some steps that are lost on the path. Here you can see those steps.
A) In your Cisco device: 1. Ensure you don´t have any rule denying the
traffic between the device and the remote...
You have a Cisco Unified Communications Manager (CUCM) system and want
to configure a SPA112 analog telephone adaptor (ATA) to register to the
CUCM so that you can use up to two analog phones or similar FXS devices
with the CUCM.In this application note, ...
Introduction: This document describes how to connect SG300 with Catalyst
switch via STP. Spanning Tree Protocol (STP) is a Layer 2 protocol that
runs on mainly on switches. The specification for STP is IEEE 802.1D.
The main purpose of STP is to ensure tha...