RE: Point-to-point T1 connection with Hub & Spoke VPN Network

  • From: "Reeves, Brian" <bjr@xxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 28 Aug 2003 10:44:52 -0500

Tom,

        Thanks.  I will set that up and test it out.

Have a good weekend!

Brian Reeves
Network Administrator

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Thursday, August 28, 2003 10:35 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Point-to-point T1 connection with Hub & Spoke VPN
Network

http://www.ISAserver.org


Hi Brian,

Remember to put all trusted networks into the LAT.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: Reeves, Brian [mailto:bjr@xxxxxxxxxxxxxx] 
Sent: Thursday, August 28, 2003 9:58 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Point-to-point T1 connection with Hub & Spoke VPN
Network


http://www.ISAserver.org


Tom,
        
        Yes, the network is a trusted network.  I configured the Domain
Server when it was part of the main network, and then configured it on
the new network.  It is a member of the same root domain as all of the
other networks, the only difference is that it is connected to the main
network through a few cisco routers over a T1, and the termination of
that cable is from the DMZ nic on the remote server and the DMZ nic on
the hub.

        I even went into RRAS and configured the routing to move traffic
destined for that particular subnet through the DMZ nic.

        The problem is that the two networks just will not see each
other.

Thanks,

Brian Reeves
Network Administrator

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, August 27, 2003 7:29 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Point-to-point T1 connection with Hub & Spoke VPN
Network

http://www.ISAserver.org


Hi Brian,

Is the remote site a trusted network? If so, you can enable routing
between the internal interfaces and all traffic will move through like
any other router.

HTH,
Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 



-----Original Message-----
From: Brian Reeves [mailto:bjr@xxxxxxxxxxxxxx] 
Sent: Wednesday, August 27, 2003 1:57 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Point-to-point T1 connection with Hub & Spoke VPN
Network


http://www.ISAserver.org


        I currently have a "Hub and Spoke" network setup for my
organization
using ISA servers at each of our three sites. (Courtesy of documentation
from isaserver.org, THX!)  Two of these sites are VPN Gateway sites,
connecting to the main site through the Internet over broadband.  Right
now, this works just great for communicating with each site.

        My problem is that now, we are adding another site less than 30
miles
away, but we are running point-to-point T1 lines between the facilities
for communication.

        This site will be as large as our current site (Which has 140
clients,
whereas the two remote sites only have 5 each), and I want to know if it
is possible to connect it over the private T1, using the ISA server as
the
hub.  This new site will have its own Domain server and ISA server for
forwarding traffic upstream across the T-1 to our main site.  Clients on
the remote network will be operating in the same domain as everyone
else,
just residing in a different subnet.

        This configuration would basically make my main ISA server (The
hub) a
tri-homed server.  One connection to the external T-1, one internal
connection, and one connection to the T-1 at our remote site.

        Is there possibly a better way to do this?  I did not want to
connect my
routers directly to the switches because I need to be able to control
and
regulate traffic going across the T-1.

        Thank you for any help that you can provide!

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bjr@xxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bjr@xxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')




Other related posts: