I just spent about 16 hours trying to find a solution to a technical problem I was having. Here’s the sitch (warning: techspeak ahead):
Mission: Site-to-Site VPN between Microsoft ISA 2004 and SonicWALL TZ170.
I expected this to be fairly slam-dunk since both Microsoft and SonicWALL had technotes for this procedure. [Microsoft document; SonicWALL document] (By the way, the SonicWALL link is complex one, so hope it works. Also, I have to say that the SonicWALL site has one of the best implementations of an interactive online support agent. You start with keywords and then it interactively asks questions narrowing down the solution. I’m sure kudos are more toward the individuals supplying the content rather than the portal provider, but still…)
Application of said documents took about an hour. Didn’t quite work. Mostly worked. I then googled my brains out. I was searching for every document, every shred of anything that might have something to do with this issue. Nada. Then I started going deep into IPSec debugging. Found specific error codes that could generate more search hits. Nada. Then went to well-known support sites for said products. One is www.isaserver.org . Great site, but the Search box didn’t even turn up documents that Google found on the same site!
Tonight, after getting a HUGE kick from What’s Up, Tiger Lily I decided to checkout isaserver.org’s forums. Registered, found a lot of activity, then did a search on the forum… bang. I found a post from someone that knew exactly what he was talking about and I was flying about five minutes later. (If you’re wondering what the problem was, the VPN tunnel had corresponding subnets configured, but packets from ISA were arriving from the ISA WAN IP and the SonicWALL did not have a corresponding IPSec policy for it. Solution, add ISA external IP to SonicWALL VPN policy and add SonicWALL external IP to ISA VPN policy.)
The moral… I got too google-centric. Google to find focus sites, then dig deep into that site’s data!
ps: I love SonicWALL products.