Re: site to site connection
- From: Nuno Santos <NunoSantos@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 4 May 2007 04:09:04 -0700
God Morning Philip
If I have understand your solution, i must configure the two server network
card for the same subnet (10.0.0.X)?
My probem is that the VPN router is not only providing access to the VPN but
also to the Internet.
I think that one of the solutions will be the configuration of two diferents
IP on the router, one to access the VPN on the 10.0.0.X subnet, this port
will be connected to the switch, the other can be 192.168.100.X and will
connect to the external network card.
Is this correct?
"Phillip Windell" wrote:
"Nuno Santos" <NunoSantos@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message.
news:AC01E30A-4C8E-4D24-A8B1-550C1E739360@xxxxxxxxxxxxxxxx
headquarter, 10.0.0.X mask 255.255.255.0
where 10.0.0.1 is the active directory and ISA server, this server has two
network cards, 10.0.0.1 and 192.168.100.10
The router that is conected to the HQ is 192.168.100.2
That is not possible. The HQ has to be on the internal side not the external
side.
You have to have this layout:
10.0.0.X mask 255.255.255.0 (router 10.0.0.2) HQ
10.0.2.X mask 255.255.255.0 (router 10.0.2.2) Branch 1
10.0.4.X mask 255.255.255.0 (router 10.0.4.2) Branch 2
10.0.5.X mask 255.255.255.0 (router 10.0.5.2) Branch 3
10.0.6.X mask 255.255.255.0 (router 10.0.6.2) Branch 4
10.0.7.X mask 255.255.255.0 (router 10.0.7.2) Branch 5
Static Route on ISA:
C:\> Route add -p 10.0.0.0 mask 255.255.0.0 10.0.0.2
But I would prefer covering the whole RFC Private Range:
C:\> Route add -p 10.0.0.0 mask 255.0.0.0 10.0.0.2
IP Ranges in the Internal Network Definiton (at bare minimum)
10.0.0.0 - 10.0.0.255
10.0.2.0 - 10.0.7.255
But I would prefer covering the whole RFC Private Range:
10.0.0.0 - 10.255.255.255
Domains Tab of Internal Network Definiton
<list all AD Domain Names of the entire Corporation>
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
- Follow-Ups:
- Re: site to site connection
- From: Phillip Windell
- Re: site to site connection
- References:
- Re: site to site connection
- From: Nuno Santos
- Re: site to site connection
- From: Phillip Windell
- Re: site to site connection
- Prev by Date: DNS through VPN - I want \\nameofserver instead of \\nameofserver.domain.local
- Next by Date: Re: site to site connection
- Previous by thread: Re: site to site connection
- Next by thread: Re: site to site connection
- Index(es):
Relevant Pages
|
Loading
