[isalist] Re: Internal - external, both nat & route

  • From: Jim Harrison <Jim@xxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 12 Feb 2010 18:56:07 +0000

A S2S VPN offers better security (encrypted tunnel, auth'd endpoints, etc.), 
but the basic route structure is simpler to construct and troubleshoot.
Also, the S2S VPN offers the advantage of being a logical network within the 
ISA networking structure, while the routing structure can only use a subnet 
definition that ends up being a subset of the external network.
Also, the S2S VPN may be dependent on the compatibility of the remote site with 
RRAS S2S VPN.

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thor (Hammer of God)
Sent: Friday, February 12, 2010 10:51 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Internal - external, both nat & route

Jim, would you suggest point to point VPN for this instead?  Or leave it as is?

t

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Friday, February 12, 2010 10:46 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Internal - external, both nat & route

Yes, you can, but this assumes that:

1. The clients in your site use ISA as the last hop to the Internet

2. You and your ISP can define the proper routes.

3. You define the special network relationship higher than the default 
internal/external network rule

Your ISP will have to use your ISA external IP as the route to your internal 
network.

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Reimer, Mark
Sent: Friday, February 12, 2010 8:14 AM
To: ISAlist
Subject: [isalist] Internal - external, both nat & route

Hi folks,

ISA 2004, standard, 3 legs: internal, DMZ, external

Currently, I have a NAT between my internal and external. Works great. External 
is direct connect to ISP. We have a remote site that I would like to set up a 
permanent connection to, thus would like to route one set of addresses to/from 
the remote site, through ISA. Internet connection between, special routes done 
by ISP already taken care of.

Main site: 192.168.128.x/23
Remote site: 192.168.3.x/24

Can I route (not NAT) traffic (just 192.168.3.x) from main site, heading to 
remote site, and all other traffic going from main site gets NAT'ed (like it is 
currently)?

Thanks.

Mark
