IPCop, Remote Desktop, Windows VPN and BLUE Interface woes

[demonic]

Since a myrad of people come here, hopefully somsone can help me.

Have an XP Box, its on the green network (protected network). Connects to an ISA Server via VPN.

Without the VPN connection, machines on the blue and green network can remote control it fine.

With the VPN connection and you can no longer access the XP Box via blue, but you can still access it via green.

What is going on here? DMZ pin holes and BLUE Access are all setup, before you ask

Config

IPCop Green : 192.168.1.1
Blue : 192.168.2.1
XP Box : 192.168.1.15
VPN IP for XP Box : 192.168.19.3
Another XP Box : 192.168.1.5
ISA Server : 192.168.1.10

The only thing I can think, is that everyone is on the 192.168 range. But when I am on the IPCop box, I can still ping 192.168.1.15 perfectly fine and green machines can access it fine and remote desktop it fine.

Its also not limited to remote desktop.. remote anywhere 7 and real vnc are all affected. You can remote control it, but as soon as you connect to ISA vpn connection, down the link goes...

 

[BlackAngus]

Some VPN clients prevent access to all networks (other than the network you are vpned to) when they are connected. The feature that allows/dissallows this is called split tunnels.

Your situation seems to be as follows.
VPN not connected = all worky
VPN connected = no worky

With vpn connected can you use your XP box to browser any other local network resources?

EDIT:
Woops! Re read your description. I dont think this applies, as you can remote the box from Green even with VPN connected.

 

[blakjedi]

Blue is on a separate subnet (192.168.2.1).

Unless you give the VPN box an address on that subnet also (by dual homing that box) and create a static mapping/routing between the two, Blue cannot access the resources on the .1.1 subnet or vice versa.

 

[demonic]

Blue is on a separate subnet (192.168.2.1).

Unless you give the VPN box an address on that subnet also (by dual homing that box) and create a static mapping/routing between the two, Blue cannot access the resources on the .1.1 subnet or vice versa.

Umm no.

Clients on my blue network can access pc's on the green interface via remote desktop, vnc and remotely anywhere just fine. Theres no need to add extra routes or network cards.

The problem, is when enabling a vpn connection on a pc that is on green. Blue cannot then access it. Disable vpn and then blue can access it again.

With vpn connected can you use your XP box to browser any other local network resources?

Yes, when vpn is connected it can browse the network fine and thats the problem. I dont know what is up with IPCop.

 

[demonic]

Heres my network setup.

If the client 192.168.1.15 doesnt enable vpn to access the isa internal network. All client can access each other.

 

[Frank]

What happens is, that when you make a Microsoft VPN connection, you get the settings of the target network, and lose your own ones.

Solutions: use the Cisco VPN client to make the connection, in bridge mode, use a VMware session for the connection and remote control, or (better, but more expensive) have your router manage the VPN connection.

 

[demonic]

Thats what I thought DIGuru, but you can ping the box from ipcop and it still works.

Doesnt matter tho, I have replaced IPCop with another ISA server and everything now just works. Actually everything is how I want it.

Funny that, how everything with M$ just works. Throw in something non-m$ and it doesnt lol.

Oh and VPN site to site took like 5 mins to setup heh.