Internet Access through RAS or VPN

  • From: "jeff hooper" <jeff.hooper@xxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Wed, 14 Nov 2001 09:05:08 -0700

Routing and Remote access is setup on a box with ISA server in firewall
mode.  The VPN and Modem pool work great.  I want the people that dial-in
to be able to get back out and surf.  Right now the only way I can get
this to work is with the Firewall client.  Here is the setup.

Internal interface has static routes to everything.

External interface has default gateway on it.

RAS Users get private IP when they dial-in ie. 172.20.20.2-254

I have tried both selecting the RRAS as router w/lan and demand-dial
routing, with remote access server always selected.

I have setup a client access group with the IP's of my dial-in users, to
allow all protocols, and all sites.  (This is what lets my Firewall client
users out, but doesn't let my RAS users be SNAT clients for some reason.)

another option is I have a different ISA server that is my default gateway
that the SNAT is working on, but if I remove my default gateway from the
external interface of course the external VPN can't get it because it
won't talk to the outside.. but Dial-in came get out through the other ISA
server.

Having a mental block, please help. Thanks JH


Other related posts: