RE: VPN in DMZ help

• From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 30 Oct 2002 07:21:55 -0800

Let me see if I got this correct:

You want to create a VPN from a remote office (Linksys Cable/DSL VPN router)
through your TriHomed ISA server into the DMZ to a Linksys Cable/DSL VPN
router located in the DMZ to an internal network behind the Linksys
Cable/DSL VPN router in the DMZ.

Questions: 

Is the internal network on the LAN interface of the ISA the same as the
internal network on the LAN interface of the Linksys router in the DMZ, or
are they 2 different networks?

If so, why not terminate the VPN at the ISA server itself?

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
La Habra, CA  90631
www.reliancesoft.com

-----Original Message-----
From: Friese, Casey [mailto:cfriese@xxxxxxxxxxxxx] 
Sent: Tuesday, October 29, 2002 10:08 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] VPN in DMZ help

http://www.ISAserver.org


Remote office location using Linksys EtherFast Cable/DSL VPN Router

Local office location using MS ISA as firewall/proxy for internal
clients.
ISA is configured tri-homed with external, internal and dmz.

I have a second Linksys EtherFast Cable/DSL VPN router sitting on the
dmz coming from the ISA.

I want the remote office Linksys and the local office Linksys to
establish an Ipsec tunnel through the ISA server.  Traffic then is to
pass from the remote office clients to the local office clients on the
internal network.

Linksys in remote office is configured with a public WAN IP and internal
IP of the network behind it, obviously.

Linksys in local office is configured with it's WAN IP as a DMZ adress
and an internal IP of the internal network.

How do I configure the ISA to pass the Ipsec tunnel traffic through to
the Linksys on either end - depending on where the connection is
originating from?

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

• » VPN in DMZ help
• » RE: VPN in DMZ help

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription