RE: Routing Protocols

  • From: "Paul Crisp" <PCrisp@xxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 13 Apr 2005 20:32:44 +0100

Sorry gang to hassle, but can someone give me a definitive answer on this. Can 
a remote IPSEC S2S VPN access a subnet behind my ISA firewall, or do I have to 
do something to enable this to happen.
 
I need an answer as I'm in conversation with the remote site of our S2S VPN in 
the US and I'm based in the UK
 
Cheers, and I'll try and be paitent :)
 
Paul

________________________________

From: Paul Crisp [mailto:PCrisp@xxxxxxxxxxxxxxxxx]
Sent: Wed 4/13/2005 16:53
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Routing Protocols


http://www.ISAserver.org


I thought I would phase in the questions :-)

 

The first problem was a client VPN, but the main problem is S2S. Is there no 
way a remote connection on the end of a S2S can reach subnets behind my ISA ?

 

Paul Crisp 
Snr Network Support Analyst 

________________________________

From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: 13 April 2005 16:45
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Routing Protocols

 

http://www.ISAserver.org

It won't.

The S2S part was an important missing point, there Paul.

Now you have to ask Andrew all your questions for a week.

:-)

-------------------------------------------------------

   Jim Harrison

   MCP(NT4, W2K), A+, Network+, PCG

   http://isaserver.org/Jim_Harrison/ <http://isaserver.org/Jim_Harrison/> 

   http://isatools.org <http://isatools.org/> 

   Read the help / books / articles!

-------------------------------------------------------

 

________________________________

From: Paul Crisp [mailto:PCrisp@xxxxxxxxxxxxxxxxx] 
Sent: Wednesday, April 13, 2005 08:38
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Routing Protocols

 

http://www.ISAserver.org

Hi Jim,

 

It's an W2k3 and AD and I'm using ISA 2004, ok the only thing that didn't seem 
to be set was Control Access Through the Remote Access Policy......

 

How would this work if you had an IPSEC Site-2-Site connection?

Paul Crisp 
Snr Network Support Analyst 

________________________________

From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: 13 April 2005 16:30
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Routing Protocols

 

http://www.ISAserver.org

Is this company a W2K or later domain?

If so, your per-user dial-in permissions include the ability to add specific 
routes, DNS, etc. to that user.

 

-------------------------------------------------------

   Jim Harrison

   MCP(NT4, W2K), A+, Network+, PCG

   http://isaserver.org/Jim_Harrison/ <http://isaserver.org/Jim_Harrison/> 

   http://isatools.org <http://isatools.org/> 

   Read the help / books / articles!

-------------------------------------------------------

 

________________________________

From: Paul Crisp [mailto:PCrisp@xxxxxxxxxxxxxxxxx] 
Sent: Wednesday, April 13, 2005 08:17
To: [ISAserver.org Discussion List]
Subject: [isalist] Routing Protocols

 

http://www.ISAserver.org

I have a network behind a network scenario and internally, everything works 
hunky dory.

I have a situation where if I connect to the ISA Firewall via VPN from outside 
of the office, I cannot ping the remote subnets without manually adding a route 
to my home machine and explicitly defining the DHCP IP address I have been 
given by the VPN as a gateway.

Is there anyway around this?

Paul Crisp

Snr Network Support Analyst

All mail to and from this domain is GFI-scanned.

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 04-2005