[LONG POST] Second Internal network behind leased line on ISA2004

  • From: "Tiago de Aviz" <Tiago@xxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 14 Mar 2006 16:45:06 -0300

Hello, all! Me again. (me, me, me....)
 
I have an ISA 2004 at a customer, and we're having a scenario that I
haven't dealt with yet:
 
Remote network 1
(192.168.3.0/24)
        |
        |
D-Link VPN Router (static valid ip address)
DI-804HV (IPSec VPN Tunnel against ISA)
        |
        |
Leased internet connection Router
        |
        |
Another leased internet connection Router
        |
        |
ISA Server 2004 (static valid ip address)
        |
        |
Internal Network (192.168.1.0/24)
        |
        |
Frame relay router (192.168.1.70)
        |
        |
Another frame relay router (192.168.4.70)
        |
        |
Remote network 2 (192.168.4.0)
 
 
This customer in question hired the Frame Relay service and thought he
could configure it. We didn't have it before.
 
When I arrived, the customer had placed the 192.168.3.0 network on the
Internal network object. Needless to say, the IPSec VPN site-to-site
tunnel stopped working because the IPSec policies on both sides stopped
working.
 
Well, when I solved that issue we proceeded to create the second
Internal Network object for Remote Network 2. I created the network
object itself as an Internal Network, Routing relationship set to route,
access policies, all good.
 
If we generate traffic from internal -> Remote Network 2, ISA drops
everything. On the logs, it doesn't record which rule denied it.
Same thing for traffic going to the opposite side. If we create the
routes manually on 2 workstations on both sides, everything works OK
(discarding route problems here).
 
Is it possible to provide internet access for Remote Network 2 in this
scenario? What am I missing here?
 
Thanks in advance,
 
 
 
Tiago de Aviz
SoftSell - Curitiba
(41) 3340-2363
www.softsell.com.br 
 
This message, including its attachments, is confidential and its
content is restricted to the addressee of the message. If you have
received this message by mistake, please return it to the sender and
delete it from your files. Any unauthorized use, replication or
dissemination of this message or part of it is expressly prohibited.
SoftSell is not responsible for the content or the accuracy of this
information.