[isalist] RE: Isa2k4 and IPSec VPN to Cisco RouterCool, cheers Dan. My setup is with 1 internal nic and i have done all the route adds already, so looks like mine was set correctly. The only thing i need to resolve is pointing the clients to the right point in the network for the default gateway. I'll try this tomorrow on some test machines. Ok, the subnet thing is clear also. Thanks again Dan Paul ----- Original Message ----- From: Ball, Dan To: [ISAserver.org Discussion List] Sent: Monday, February 07, 2005 8:34 PM Subject: [isalist] RE: Isa2k4 and IPSec VPN to Cisco Router http://www.ISAserver.org I guess it all depends on how you have your networks setup (which is what prompted my other discussion). Sorry, I had deleted all the previous messages, so I don't remember the details. To summarize it, If you have one internal network NIC in the ISA computer, and all of your subnets are behind it, you need to add those IP ranges into the ISA Network Configurations, and add a ROUTE command to make sure those ranges are going to the right NIC. Or, possibly, increase the subnet mask to make the subnets included. Okay, there is a "little more" to it than that, but that will summarize it. If you have more than one internal network NIC in your ISA computer, you have to do things differently. That is where I haven't found any articles referencing that setup, I had to do most of it trail and error. Which one do ya got? The "Firewall Policy" part is only if you want to have different settings for different subnets. If you want all of your Internal networks to use the same settings, then don't worry about it. ------------------------------------------------------------------------------ From: Paul Crisp [mailto:pcrisp@xxxxxxxxxxxxxxxxx] Sent: Monday, February 07, 2005 14:59 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Isa2k4 and IPSec VPN to Cisco Router http://www.ISAserver.org ok guys i thought i cracked it but now i'm slightly confused since reading Clints 'Network behind a network' document and also visited the discussion. In the document it states :- <-snip-> Can i now presume that i add my physically connected subnet to the 'Internal' network as well as my other subnets to the 'Internal' network, but i also create Subnet Objects for my other subnets and modify the Firewall Policy Access Rules to reflect these changes ? Sorry for being a dumb a$$ Paul ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: pcrisp@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------------------------------------------- This e-mail, together with any attachments, is confidential between the sender and addressee(s). If you are not the intended recipient(s)of this e-mail you should not copy it or use it for any purpose nor disclose its contents to any person: to do so may be unlawful. If you have received this e-mail by mistake please notify the sender immediately by e-mail and delete this e-mail and any attachments from your system. To the maximum extent permitted by law, Metal Bulletin PLC accepts no liability for any loss or damage resulting from unauthorised use of this email or any attachment or from unauthorised use of any information contained or implied in the email or attachments. Metal Bulletin PLC gives no warranty as to the security, accuracy or completeness of this e-mail, or any attachments, after it has been sentnor does it accept responsibility for any errors or omissions in the contents of this message which arise as a result of the e-mail transmission. The views and opinions of the sender are not necessarily those of Metal Bulletin Plc Metal Bulletin PLC takes care to check all outgoing emails but any liability for any loss or damage resulting from any viruses that might accompany this email or any attachments is excluded to the fullest extent permitted by law. If you have reason to believe that this email or any attachment is contaminated with any form of virus please delete it from your system and advise us by return. Metal Bulletin PLC reserves the right to monitor incoming and outgoing emails to investigate or detect any unauthorised use of our system or any other email system. As a result, we may monitor who is sending and/or receiving email, the subject of emails and the content of emails and we may collect related personal information about you within our email system. We will use this information for the purposes set out above and may also disclose it to relevant regulatory authorities. Metal Bulletin PLC is a company registered in England and Wales under registered number 142215 and whose registered office is at 3 Park Terrace, Worcester Park, Surrey, KT4 7HY, England.