RE: ISA, VPN and Routing!
- From: Glenn Maks <gmaks@xxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 17 Dec 2003 09:22:28 -0500
Good Morning Risun - I read your post a couple of times, I think I
understand your setup, you have ISA as your Firewall, Web Proxy, you have
another server running RRAS that connects both of your ISP accounts and
establishes VPN tunnels to your branch offices, you are having trouble
accessing the Internet from your internal private computers? Are we close?
if this is correct, I think I would rearrange it a bit. I think I might do
it this way, have your RRAS server span your internal net with your
public IP address range, build yourself an Edge Router on your Private
network so you can control routes coming from your Internal network and use
this internal router
as your private network's default gateway, your RRAS server will be used to
connect your VPN tunnels to your branch offices and use your ISA server for
your Firewall and Web Proxy services. Perhaps I may not have interpreted
your explanation correctly, could you provide some more detail.
-----Original Message-----
From: Risun Antony [mailto:risuna@xxxxxxxxxxxxx]
Sent: Wednesday, December 17, 2003 6:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA, VPN and Routing!
http://www.ISAserver.org
Hi All,
I have a specific requirement and would like to know if this is practically
possible and if so some guide lines.
I have deployed an ISA box with a lot of help from the Guides and Articles
posted here.All my internal network exists behind this box.
Now i have two Internet Service Providers. I also have a remote site to
which i require VPN connectivity. This is configured using a windows 2000
server and placed out side the ISA box. This box, which i will call the VPN
box, has multiple NIC cards. One of the NIC's is used for local lan, one
each for my two ISP's.
My ISA box also has Routing enabled to direct all requests to my VPN box.
My requirement is to be able to provide routing functionality on this
server, such that i can selectively pass traffic through my ISP's. This i am
able to do well enough on the VPN box. But my clients having a gateway to my
ISA box, are in no position to take advantage of this routing. For eg: If i
do a tracert for http://www.hotmail.com/ <http://www.hotmail.com/> from my
VPN box, it does find the target. But when i do the same from one of my
client machines behind the ISA, it finds till the VPN box and then drops all
packets destined to the internet. But the packets to my remote network get
routed to the VPN correctly.
Thanx in advance.
Risun Antony
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmaks@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
