RE : RE: RE : PIX,ISA and VPN
- From: Gérard Dumazet <gdumazet@xxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 31 Oct 2002 06:02:35 +0100
I was thinking to terminate VPN on ISA for clients using resources on
our INTRANET. But we have also clients using our POSTFIX on the DMZ.
Should be better to terminate the VPN on the BEWAN and then normally
pass ISA
GD
-----Message d'origine-----
De : Don McCall [mailto:DMcCall@xxxxxxxxxx]
Envoyé : mercredi 30 octobre 2002 22:29
À : [ISAserver.org Discussion List]
Objet : [isalist] RE: RE : PIX,ISA and VPN
http://www.ISAserver.org
Hi Guys,
I took the easy way out, I terminate the VPN on the ISA (used the
wizard) after it has come through the PIX.
You only need to allow 2 protocols on your access list in the PIX to
allow it as far as the ISA.
access-list outside_in permit tcp any host x.x.x.x eq 1723
access-list outside_in permit gre any host x.x.x.x
Where x.x.x.x is the outside public address on the PIX which in our case
is dedicated to VPN. I do not publish this outside address in any way so
only those users who need it are provided with it.
Well that was my answer to the problem I know it is not quite what you
are looking for though.
Don McCall Email: dmccall@xxxxxxxxxx
Infrastructure Administrator - Information Systems
Baptist Community Services NSW & ACT
Telephone: (02) 9941 6049
Fax: (02) 9889 1520
Address: Corporate Services - 157 Balaclava Road Marsfield NSW 2122
-----Original Message-----
From: Gérard Dumazet [mailto:gdumazet@xxxxxxxxxxx]
Sent: Thursday, 31 October 2002 4:09 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE : PIX,ISA and VPN
http://www.ISAserver.org
This is similar to my previous request. I hope anyone has an idea. I am
really interested for any idea, let us know if you find something.
-----Message d'origine-----
De : Rami SIK [mailto:rami@xxxxxxxxxxxxxxx]
Envoyé : mercredi 30 octobre 2002 16:56
À : [ISAserver.org Discussion List]
Objet : [isalist] PIX,ISA and VPN
http://www.ISAserver.org
Hello all,
I have a problem with my laptop users whe want to make VPN to our LAN
from internet. In order to do this, I put VPN support in my Cisco PIX
firewall. But my question is how to configure ISA server to get VPN
clients (ended at PIX) into LAN.
Thanks,
Internet
----------
|
| (Registered IPs used here)
|
|
--------------
| Cisco |
| PIX |
| VPN |
| enabled|
--------------
| |
|-----------| DMZ (192.168.0.0 used here)
| |
|
---------------
| MS ISA |
| Server |
| |
----------------
|
|
|
|
---------
LAN (10.0.0.0 used here)
----------------------------
Rami SIK
System & Network Admin
CCNA
Kimyatas A.S.
+90-212-334-4963 (Tel)
+90-212-334-4998 (Fax)
rami@xxxxxxxxxxxxxxx
----------------------------
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gdumazet@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
dmccall@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
This message is intended for the addressee named and may contain
confidential information. If you are not the intended recipient, please
delete it and notify the sender. Views expressed in this message are
those of the individual sender, and are not necessarily the views of
Baptist Community Services. 2
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gdumazet@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
- » RE : RE: RE : PIX,ISA and VPN