[isalist] Re: Is this possible with ISA 2004 : source NAT before tunneling the traffic ?

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Sat, 1 Apr 2006 05:49:03 -0800

http://www.ISAserver.org
-------------------------------------------------------
  
Define a NAT relationship from "Internal" to "S2S".
You'll have to use publishing rules to get from "S2" to "Internal", but
it sound like this is what you want anyway.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Stefaan Pouseele
Sent: Saturday, April 01, 2006 2:23 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Is this possible with ISA 2004 : source NAT before
tunneling the traffic ?

http://www.ISAserver.org
-------------------------------------------------------
  
Hey guys, 

We have an ISA 2004 SE server with public IP's on the external
interface.
The internal network uses a 10/8 numbering scheme. Now we must configure
a
site-to-site IPSec tunnel mode VPN to a Juniper box. However, we must
NAT
the traffic to a network ID assigned by the remote site *before* sending
the
traffic accross the VPN tunnel (source NAT before tunneling the
traffic). 

Take note that: 
- only general outbound traffic accross the VPN tunnel is needed. 
- if inbound traffic is needed accross the VPN tunnel then a publishing
scenario should be possible.
- there is *no* overlapping between the internal network ID and the
network
ID we must translate to. 

Can this be done on an ISA 2004 and still be manageable?

Thanks,
Stefaan

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 


All mail to and from this domain is GFI-scanned.

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

• Follow-Ups:
  • [isalist] Re: Is this possible with ISA 2004 : source NAT before tunneling the traffic ?
    • From: Stefaan Pouseele

Other related posts:

• » [isalist] Is this possible with ISA 2004 : source NAT before tunneling the traffic ?
• » [isalist] Re: Is this possible with ISA 2004 : source NAT before tunneling the traffic ?
• » [isalist] Re: Is this possible with ISA 2004 : source NAT before tunneling the traffic ?
• » [isalist] Re: Is this possible with ISA 2004 : source NAT before tunneling the traffic ?

1. Home
2. isalist
3. Archive
4. 04-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---