Sorry gang to hassle, but can someone give me a definitive answer on this. Can a remote IPSEC S2S VPN access a subnet behind my ISA firewall, or do I have to do something to enable this to happen. I need an answer as I'm in conversation with the remote site of our S2S VPN in the US and I'm based in the UK Cheers, and I'll try and be paitent :) Paul ________________________________ From: Paul Crisp [mailto:PCrisp@xxxxxxxxxxxxxxxxx] Sent: Wed 4/13/2005 16:53 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Routing Protocols http://www.ISAserver.org I thought I would phase in the questions :-) The first problem was a client VPN, but the main problem is S2S. Is there no way a remote connection on the end of a S2S can reach subnets behind my ISA ? Paul Crisp Snr Network Support Analyst ________________________________ From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: 13 April 2005 16:45 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Routing Protocols http://www.ISAserver.org It won't. The S2S part was an important missing point, there Paul. Now you have to ask Andrew all your questions for a week. :-) ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ <http://isaserver.org/Jim_Harrison/> http://isatools.org <http://isatools.org/> Read the help / books / articles! ------------------------------------------------------- ________________________________ From: Paul Crisp [mailto:PCrisp@xxxxxxxxxxxxxxxxx] Sent: Wednesday, April 13, 2005 08:38 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Routing Protocols http://www.ISAserver.org Hi Jim, It's an W2k3 and AD and I'm using ISA 2004, ok the only thing that didn't seem to be set was Control Access Through the Remote Access Policy...... How would this work if you had an IPSEC Site-2-Site connection? Paul Crisp Snr Network Support Analyst ________________________________ From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: 13 April 2005 16:30 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Routing Protocols http://www.ISAserver.org Is this company a W2K or later domain? If so, your per-user dial-in permissions include the ability to add specific routes, DNS, etc. to that user. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ <http://isaserver.org/Jim_Harrison/> http://isatools.org <http://isatools.org/> Read the help / books / articles! ------------------------------------------------------- ________________________________ From: Paul Crisp [mailto:PCrisp@xxxxxxxxxxxxxxxxx] Sent: Wednesday, April 13, 2005 08:17 To: [ISAserver.org Discussion List] Subject: [isalist] Routing Protocols http://www.ISAserver.org I have a network behind a network scenario and internally, everything works hunky dory. I have a situation where if I connect to the ISA Firewall via VPN from outside of the office, I cannot ping the remote subnets without manually adding a route to my home machine and explicitly defining the DHCP IP address I have been given by the VPN as a gateway. Is there anyway around this? Paul Crisp Snr Network Support Analyst All mail to and from this domain is GFI-scanned.