Re: VPN between 2 routers Cisco



"Piertonio" <piertonio@xxxxxxxxx> wrote in message
news:OKYbfrS1HHA.4816@xxxxxxxxxxxxxxxxxxxxxxx
Hello All

I've the following scenario:

Internal network-->(SBS2003+ISA2004)---->Cisco--Internet--Cisco---clients XP Pro.
Between 2 Cisco routers there is a VPN tunnel.

Which firewall policy should I set up in the ISA2004 to allow the remote
clients to log on to the SBS2003 server?

You don't.

By the way you built this you have created a Back-to-Back DMZ between the
ISA and the Cisco box. When the user connects they aren't VPN'ing into the
LAN,...they are VPN'ing into the DMZ and becoming part of the DMZ which is
no different than the Internet as far as the ISA is concerned,...and so is
completely useless.

Your options are:

Option #1
Configure the Cisco box to be a Router/NAT Firewall/VPN Server all at the
same time. Remove ISA from the SBS box. Remove the second NIC from the SBS
box and run it as a normal single-NIC server. LAN topology design and IP
addressing scheme are critical.

Option #2
Set up the VPN between the ISA and the remote-side Cisco box.

Option #3
Use a Cisco VPN box side-by-side with the ISA. LAN topology design and IP
addressing scheme are critical.

All three of these options depend on the assumption that the same design
flaw does not also exist at the opposite end of the VPN.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------

