Re: Suggestion needed!!

  • From: tim S <tim724342@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 8 Oct 2004 12:55:07 -0700 (PDT)

Jim,
 
I will definitely make a case for ISA2004 server purchase.  But in the 
meantime....
Can I use the Netscreen 5xp VPN appliance with ISA 2000 in a gateway to gateway 
setup and still control what VPN users can do in the internal network?
 
Thanks


Jim Harrison <jim@xxxxxxxxxxxx> wrote:

The best suggestion I can give is to get ISA 2004.
ISA 2000 does not / can not place routing restrictions on inbound VPN traffic 
to the Internal network.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!

----- Original Message ----- 
From: "tim S" 
To: "[ISAserver.org Discussion List]" 
Sent: Friday, October 08, 2004 06:50
Subject: [isalist] Suggestion needed!!




I have the following requirement:



I have a customer who wants to set up a VPN connection using their hardware VPN 
appliance to our site to access resources in three internal servers. This VPN 
connection will be persistent. I want to make sure that the customer can only 
access those three servers and nothing else in the internal network. Likewise, 
I don't want any of my internal users to have access to those three servers 
except four people. Also, one of those three servers will need to have access 
to an SQL server in the current internal network.



My current network setup: I have an ISA 2000 that sits between the public 
internet and the internal network. There aren't any routers in the internal 
network. All internal clients and SecureNAT servers connect directly to the 
ISA. I have only one ISA license.



I was thinking about splitting the current internal network into two subnets 
(like 10.10.10.0/24 and 192.168.1.0/24) with a Windows 2k or 2k3 router and 
setting up packet filters on the interfaces. The 10.1.1.0/24 is the current 
internal network. Add the new subnet ID 192.168.1.0/24 to the ISA LAT. I was 
thinking about placing the customer's hardware VPN appliance outside of ISA and 
letting the traffic through the external NIC of ISA. The VPN appliance will 
have the preset IP numbers that I tell them. How do I make sure that any 
request from the customer only goes to the new subnet?



If there is any simple approach, I would really appreciate your suggestion.



Thanks

TS




------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

