how to make an exception for NAT
- From: edo lho <edopasaribu@xxxxxxxxx>
- To: ISA List <isalist@xxxxxxxxxxxxx>
- Date: Sun, 20 Oct 2002 23:25:41 -0700 (PDT)
Hi Guys,I have some problem configuring ISA server (integrated stand alone
mode) with2 NIC behind a router doing VPN to HQ site.I have configuration as
follow :- ISA 2000 sp1 on W2K server SP3 as the default gateway, so I have all
machines in branchoffice configured as secureNAT.- a branch office in another
country need doing domain replication to HQ using privateIP, previously was
establish by using cisco router to router VPN.- branch office need firewall and
cache, but still need to pass private IP to external interface for doing Domain
replication and some MS exchange stuff.- Domain architecture is W2K domain-
Private IP subnet of branchoffice (10.20.x.x) and HQ (10.10.x.x) are listed
inside LATConnection Diagram illustrated below
:BranchOffice(private_net)---------(NIC/PrivateIP)ISA_SERVER(NIC/PublicIP)----Ciscortr------I.N.T.E.R.N.E.T-----Ciscortr------AnotherFirewall---HQOffice(private_net)connection
to internet for any application I want was just workin fine, but the problem
comes when the 2 machine (DomainController and ExchangeServer) need connection
to HQ wich was approach by establish VPN penetrating internet cloud using
CiscoVPN, Scenario #1 :The traffic from that 2 servers going to the private ip
of HQ (10.10.x.x), please do not NAT until reach the external NIC of ISA
server, so the router can catch it as branchoffice's private_ip(10.20.x.x) then
router will wrap it and pass it trough vpn using Cisco router to router
vpn.Scenario #2 :All traffic going to the private ip of HQ (10.10.x.x), please
do not NAT until reach the external NIC of ISA server, so the router can catch
it as branchoffice's private_ip(10.20.x.x) then router will wrap it and pass
it trough vpn using Cisco router to router vpn.AnotherFirewall in HQ is able to
distinguish the traffic that do not need NAT, how to make ISAServer able to do
so ?Expert, please help me to establish one of the above scenario, all advice
will greatly appreciatedTIA,EdoLho
---------------------------------
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
Other related posts:
