RE: Isa2k4 and IPSec VPN to Cisco Router

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 7 Feb 2005 07:47:13 -0800

Hi Paul,
 
That article is intended to be "illustrative", not "complete".
There's no way a single article can cover all possible manifestations of a 
routed network (except in Hell).
If you have non-local, but not "external", then you need to add manual routes.

________________________________

From: Paul Crisp [mailto:pcrisp@xxxxxxxxxxxxxxxxx]
Sent: Mon 2/7/2005 6:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Isa2k4 and IPSec VPN to Cisco Router


http://www.ISAserver.org

Thanks for the reply, Jim.
 
I have looked at the complex network setup and our config is even more complex!!
At the moment, I'm trying to ping from a client that is on the same subnet as 
one of our ISA firewalls (this is the one that I am testing IPSec on). 
Basically we have three offices all with leased line connections to them to 
give a triangulated setup. 
 
From there, two of the offices have 1x leased line connection (each office) to 
our ISP. At the moment, in the office that I'm located in we have ISA 2000 and in 
the other office we have ISA 2000 on the live network and ISA 2004 on our 
testing network. Between the offices we have routers (obviously) and each 
office's clients' default gateway is set up to be the router as we have a lot of 
cross traffic.
 
Where ISA 2004 is (office A) I want to be able to ping from a client in office A 
across the IPSec VPN to the remote location's internal machines.
 
Are you saying that I would have to switch all of my clients to point to their 
local ISA server as a default gateway for any of this to work?
 
Paul

        ----- Original Message ----- 
        From: Jim Harrison <mailto:Jim@xxxxxxxxxxxx>  
        To: [ISAserver.org Discussion List] <mailto:isalist@xxxxxxxxxxxxx>  
        Sent: Monday, February 07, 2005 2:00 PM
        Subject: [isalist] RE: Isa2k4 and IPSec VPN to Cisco Router


        
        This is expected.
        If your "remote" WAN hosts don't use ISA as their default gateway, they
        can't get across the WAN.
        Take a look at this article:
        http://isaserver.org/tutorials/Designing_An_ISA_Server_Solution_on_a_Complex_Network.html
        
        -----Original Message-----
        From: Paul Crisp [mailto:PCrisp@xxxxxxxxxxxxxxxxx]
        Sent: Monday, February 07, 2005 3:28 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] Isa2k4 and IPSec VPN to Cisco Router
        
        
        
        Wonder if anyone could help me.
        
        I have followed the excellent documentation produced by ClintD @
        Microsoft:
        http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/ipsecvpn.mspx
        and the IPSec VPN is working correctly between the ISA server and
        the Cisco PIX box.
        
        I have confirmed that I can ping machines in the remote private network
        from our OWA box that is reverse published. I have just tried to ping
        from a regular workstation and this fails, however if I change the
        default gateway of the workstation to be the ISA server the ping works
        successfully.
        
        To explain more, we have 3 subnets covering 3 offices, so at the moment
        our workstations are configured for a router which goes to the other two
        offices.
        
        Can anyone help me at all?
        
        Paul Crisp
        
        Snr Network Support Analyst
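
The behaviour discussed in this thread (ping fails while the workstation's default gateway is the office router, works when it is the ISA server, and "manual routes" as the alternative) can be modelled as longest-prefix next-hop selection. This is an added example, not part of the original posts; every device name and subnet in it is constructed, and the router's table is an assumption about a router that knows only the other two offices.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match over {prefix: next_hop}; None means no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def trace(tables, start, dst, limit=8):
    """Follow next hops device by device; stop at a dead end or an endpoint."""
    path, node = [start], start
    for _ in range(limit):
        hop = next_hop(tables.get(node, {}), dst)
        if hop is None:
            break                      # this device has no route: packet dropped
        path.append(hop)
        if hop not in tables:
            break                      # reached a link/tunnel we do not model further
        node = hop
    return path

def with_route(tables, device, prefix, hop):
    """Return a copy of tables with one manual (static) route added on device."""
    return {**tables, device: {**tables[device], prefix: hop}}

# Constructed topology: office A workstation, office router, ISA 2004 with the tunnel.
REMOTE_NET = "192.168.50.0/24"         # assumed private network behind the PIX
REMOTE_HOST = "192.168.50.10"
BASE = {
    "workstation":   {"0.0.0.0/0": "office-router"},
    "office-router": {"10.2.0.0/24": "office-b-link", "10.3.0.0/24": "office-c-link"},
    "isa2004":       {REMOTE_NET: "ipsec-tunnel"},
}

def scenarios():
    gw_is_isa = with_route(BASE, "workstation", "0.0.0.0/0", "isa2004")
    route_on_router = with_route(BASE, "office-router", REMOTE_NET, "isa2004")
    route_on_client = with_route(BASE, "workstation", REMOTE_NET, "isa2004")
    return {
        "as reported":           trace(BASE, "workstation", REMOTE_HOST),
        "default gw = ISA":      trace(gw_is_isa, "workstation", REMOTE_HOST),
        "manual route (router)": trace(route_on_router, "workstation", REMOTE_HOST),
        "manual route (client)": trace(route_on_client, "workstation", REMOTE_HOST),
        "cross-office traffic":  trace(route_on_client, "workstation", "10.2.0.20"),
    }

if __name__ == "__main__":
    for name, path in scenarios().items():
        print(f"{name:24} {' -> '.join(path)}")
```
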
        
        