how to make an exception for NAT

  • From: edolho <edolho@xxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 21 Oct 2002 04:32:32 +0700

Hi Guys,
I have a problem configuring ISA Server (integrated stand-alone mode) with 2 NICs behind a router doing VPN to the HQ site.
My configuration is as follows:
- ISA 2000 SP1 on W2K Server SP3 as the default gateway, so I have all machines in the branch office configured as SecureNAT.
- A branch office in another country needs to do domain replication to HQ using private IPs; previously this was established using Cisco router-to-router VPN.
- The branch office needs a firewall and cache, but still needs to pass private IPs to the external interface for domain replication and some MS Exchange stuff.
- Domain architecture is a W2K domain.
- Private IP subnets of the branch office (10.20.x.x) and HQ (10.10.x.x) are listed inside the LAT.

BranchOffice(private_net)---------(NIC/PrivateIP)ISA_SERVER(NIC/PublicIP)----Ciscortr------I.N.T.E.R.N.E.T-----Ciscortr------AnotherFirewall---HQOffice(private_net)

Connection to the Internet for any application I want is working fine, but the problem comes when the 2 machines (DomainController and ExchangeServer) need a connection to HQ, which was approached by establishing a VPN penetrating the Internet cloud using CiscoVPN.

Scenario #1:
The traffic from those 2 servers going to the private IP of HQ (10.10.x.x): please do not NAT it until it reaches the external NIC of the ISA server, so the router can catch it as the branch office's private IP (10.20.x.x); then the router will wrap it and pass it through the VPN using Cisco router-to-router VPN.

Scenario #2:
All traffic going to the private IP of HQ (10.10.x.x): please do not NAT it until it reaches the external NIC of the ISA server, so the router can catch it as the branch office's private IP (10.20.x.x); then the router will wrap it and pass it through the VPN using Cisco router-to-router VPN.

AnotherFirewall in HQ is able to distinguish the traffic that does not need NAT; how do I make ISA Server able to do so?

Experts, please help me to establish one of the above scenarios; all advice will be greatly appreciated.

TIA,
EdoLho
