Someone surely has to be doing this. I've been doing this for years with other firewalls...all of a sudden ISA emerges as a firewall and it's not supported? I find that hard to believe. And, if it's not...is it poor planning on Microsoft's part or another ploy to make companies change their technology to interoperate with their's? I need the intenal Linksys on the DMZ because having the -----Original Message----- From: Gérard Dumazet [mailto:gdumazet@xxxxxxxxxxx] Sent: Monday, November 04, 2002 3:16 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE : RE: RE : RE : Passing traffic http://www.ISAserver.org Right! Do you really need the internal Linksys ? If you have an adsl router with no NAT between the router and ISA, you should be able to have the tunnel you are looking for ? I have no experience but I al astonished that no one is offering a solution ? sure many guys on this list have such config working. -----Message d'origine----- De : Friese, Casey [mailto:cfriese@xxxxxxxxxxxxx] Envoyé : lundi 4 novembre 2002 20:50 À : [ISAserver.org Discussion List] Objet : [isalist] RE: RE : RE : Passing traffic http://www.ISAserver.org I would love to do a gateway to gateway vpn using the Linksys and ISA; My problem? The Linksys doesn't surrport L2TP and according to Microsoft "If you implement private network addressing in the perimeter network, you cannot use IPSec or Kerberos authentication." -----Original Message----- From: Gérard Dumazet [mailto:gdumazet@xxxxxxxxxxx] Sent: Monday, November 04, 2002 2:42 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE : RE : Passing traffic http://www.ISAserver.org I understand your point. The vpn router is used at the moment as an end point, why not to open the tunnel from the remote vpn server direct to ISA, the second vpn router being only a router with correct ports opened and a route from its internal interface to the external interface of ISA ??? No way to have some assistance somewhere? I asked MS support about that but the guy told me that this is outside their scope! -----Message d'origine----- De : Friese, Casey [mailto:cfriese@xxxxxxxxxxxxx] Envoyé : lundi 4 novembre 2002 16:03 À : [ISAserver.org Discussion List] Objet : [isalist] RE : Passing traffic http://www.ISAserver.org >why not publish these services to the DMZ ? I've found that you can't publish services to the DMZ using the Server Publishing Rules because you can't have a non routable IP set as the external interface on ISA server so this option won't work considering that my dmz interface is 10.112.1.1. Thanks for the suggestion though...I thought we were rockin' for a second. Casey -----Original Message----- From: Gérard Dumazet [mailto:gdumazet@xxxxxxxxxxx] Sent: Sunday, November 03, 2002 3:04 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE : Passing traffic http://www.ISAserver.org I am interested also with this problem but i had no time until now to experiment except like you to open the dmz tunnel with bewan and zyxel boxes. I was only thinking something else : to allow traffic means for example for your remote clients to get access to some services inside your main intranet : why not publish these services to the DMZ ? in this case while they reach the dmz they should be able to reach what they need. It is clear that we can't open ISA in such a way that the firewall would be useless. The same outside with destination sets. Let me know what you will finally decide. gd -----Message d'origine----- De : Friese, Casey [mailto:cfriese@xxxxxxxxxxxxx] Envoyé : dimanche 3 novembre 2002 20:00 À : [ISAserver.org Discussion List] Objet : [isalist] Passing traffic http://www.ISAserver.org I'm trying this question again, see if I can get an answer this time. I'm trying desperately to get the ISA to allow traffic to pass through it that is destined for another network. I have a linksys vpn router hanging off of the ISA's dmz. VPN router's LAN(DMZ) address is 10.112.1.3 VPN router's WAN address is 140.168.42.60 The remote network also has a linksys vpn router. VPN router's WAN address is 68.80.66.170 VPN router's LAN address is 10.116.1.1 After establishing the tunnels successfully: I can successfully communicate with hosts on the ISA's dmz from the remote network and I can successfully communicate with the remote network from the hosts on the ISA's dmz. I can communicate successfully(throughr the ISA)from the hosts on the ISA's dmz with clients on the local network behind the isa (10.128.0.0). I cann't communicate with the clients on the local network behind the ISA from the remote network. I can't communicate with the clients on the remote network from clients on the local network behind the ISA. How do I set the ISA to allow the traffic destined for the local network (10.128.0.0) from the remote network (10.116.1.0) pass through it and vice versa? Any help would be greatly appreciated! ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gdumazet@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') __________________________________________________________________ Haut Débit: Modem offert soit 150,92 euros remboursés sur le Pack eXtense de Wanadoo ! Profitez du Haut Débit à partir de 30 euros/mois : http://www.ifrance.com/_reloc/w __________________________________________________________________ Haut Débit: Modem offert soit 150,92 euros remboursés sur le Pack eXtense de Wanadoo ! Profitez du Haut Débit à partir de 30 euros/mois : http://www.ifrance.com/_reloc/w ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cfriese@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gdumazet@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') __________________________________________________________________ Haut Débit: Modem offert soit 150,92 euros remboursés sur le Pack eXtense de Wanadoo ! Profitez du Haut Débit à partir de 30 euros/mois : http://www.ifrance.com/_reloc/w __________________________________________________________________ Haut Débit: Modem offert soit 150,92 euros remboursés sur le Pack eXtense de Wanadoo ! Profitez du Haut Débit à partir de 30 euros/mois : http://www.ifrance.com/_reloc/w ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cfriese@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gdumazet@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') __________________________________________________________________ Haut Débit: Modem offert soit 150,92 euros remboursés sur le Pack eXtense de Wanadoo ! Profitez du Haut Débit à partir de 30 euros/mois : http://www.ifrance.com/_reloc/w __________________________________________________________________ Haut Débit: Modem offert soit 150,92 euros remboursés sur le Pack eXtense de Wanadoo ! Profitez du Haut Débit à partir de 30 euros/mois : http://www.ifrance.com/_reloc/w ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cfriese@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')