Re: ISA, VPN and Routing!

  • From: Jim Harrison <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 18 Dec 2003 06:04:38 -0800

Since you want ISA to treat the RRAS server as the upstream device, you'll have 
to change your network a bit.
You'll be creating a perimeter network between ISA and the RRAS box, since they 
share a common network - the LAT.
Add a NIC to the RRAS box and give it a whole new RFC-1918 subnet.
Change the ISA external subnet to match the new RRAS subnet and connect them 
together.  Use the RRAS IP as the ISA default gateway.
What your internal clients will do is to use the ISA as their default route and 
then that traffic will be passed to the RRAS box for distribution.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!
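
The addressing plan described in the message above can be sanity-checked before re-cabling. This is an added example, not part of the original thread; every address in it is constructed for illustration, and check_plan is a hypothetical helper name.

```python
import ipaddress as ip

RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(lat, isa_external, isa_gateway, rras_perimeter):
    """Return a list of problems with the plan (an empty list means it is consistent).

    lat            -- CIDR strings for the ISA internal ranges (the LAT)
    isa_external   -- ISA external NIC as 'address/prefix'
    isa_gateway    -- ISA default gateway address
    rras_perimeter -- the RRAS NIC facing ISA as 'address/prefix'
    """
    problems = []
    lat_nets = [ip.ip_network(n) for n in lat]
    isa_if = ip.ip_interface(isa_external)
    rras_if = ip.ip_interface(rras_perimeter)
    perimeter = rras_if.network

    # The link between ISA and RRAS must be its own private subnet.
    if not any(perimeter.subnet_of(n) for n in RFC1918):
        problems.append("perimeter subnet is not RFC 1918")
    # ISA and RRAS must not share the LAT.
    if any(perimeter.overlaps(n) for n in lat_nets):
        problems.append("perimeter subnet overlaps the LAT")
    # The ISA external subnet has to match the RRAS subnet.
    if isa_if.network != perimeter:
        problems.append("ISA external NIC is not on the RRAS perimeter subnet")
    if isa_if.ip == rras_if.ip:
        problems.append("ISA and RRAS use the same perimeter address")
    # The RRAS IP is the ISA default gateway.
    if ip.ip_address(isa_gateway) != rras_if.ip:
        problems.append("ISA default gateway is not the RRAS perimeter IP")
    return problems

# Constructed sample data: RRAS still sitting on the LAT versus the re-addressed layout.
BEFORE = dict(lat=["192.168.1.0/24"], isa_external="192.168.1.1/24",
              isa_gateway="192.168.1.254", rras_perimeter="192.168.1.254/24")
AFTER = dict(lat=["192.168.1.0/24"], isa_external="172.16.50.2/24",
             isa_gateway="172.16.50.1", rras_perimeter="172.16.50.1/24")

if __name__ == "__main__":
    for name, plan in (("before", BEFORE), ("after", AFTER)):
        print(name, check_plan(**plan) or "OK")
```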


On Wed, 17 Dec 2003 20:51:23 +0530
 Risun Antony <risuna@xxxxxxxxxxxxx> wrote:
http://www.ISAserver.org

Hi Jim

I just have the Routing enabled on the ISA.
You mean my private LAN card on the ISA box must have a default gateway, and 
that should be the IP address of the RRAS box?

Thanx in advance.

Risun Antony


From: Jim Harrison
Sent: Wed 12/17/2003 8:16 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA, VPN and Routing!



You say you "have routing enabled" on the ISA.
Does this mean that the RRAS server is the ISA default gateway, or have you 
just enabled IP routing in ISA?
ISA must use the RRAS box as the default gateway to the Internet if it's to 
route properly.
Your ISA ISAInfo (http://isatools.org/isainfo.1.9.5.zip) and the RRAS box 
ipconfig/all output will be very useful.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Wed, 17 Dec 2003 16:49:17 +0530
 Risun Antony <risuna@xxxxxxxxxxxxx> wrote:

Hi All,

I have a specific requirement and would like to know if this is practically 
possible and, if so, some guidelines.

I have deployed an ISA box with a lot of help from the Guides and Articles 
posted here. All my internal network exists behind this box.
Now I have two Internet Service Providers. I also have a remote site to which I 
require VPN connectivity. This is configured using a Windows 2000 server and 
placed outside the ISA box. This box, which I will call the VPN box, has 
multiple NIC cards. One of the NICs is used for the local LAN, one each for my two 
ISPs.
My ISA box also has Routing enabled to direct all requests to my VPN box.

My requirement is to be able to provide routing functionality on this server, 
such that I can selectively pass traffic through my ISPs. This I am able to do 
well enough on the VPN box. But my clients, having a gateway to my ISA box, are 
in no position to take advantage of this routing. For example: if I do a tracert for 
http://www.hotmail.com/ from my VPN box, it does find the target. But when I do 
the same from one of my client machines behind the ISA, it gets as far as the VPN 
box and then drops all packets destined for the Internet. But the packets to my 
remote network get routed to the VPN correctly.

Thanx in advance.


Risun Antony


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
