Re: Routing between branch office Site 3 site vpns



ISA makes a very over-restrictive LAN router if you don't handle it
properly.
Nothing is allowed by default between "new" networks that you create on the
ISA.
Every combination of "networks" needs to be accounted for in Access Rules
for the various networks to communicate.

If you have:
1. Internal
2. External
3. VPN #1
4. VPN #2

And you create an Access Rule to handle VPN #1 to Internal and another Rule
for VPN #2 to Internal,...that does not allow VPN #1 and VPN #2 to
communicate,...that requires another Access Rule for VPN #1 <--> VPN #2.

You can combine things in a single Access Rule,...but you have to actually
do it,...it isn't automatic.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------

"exchangerookie1994" <exchangerookie1994@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:965475AA-8504-4500-87C0-7C65F3C0926B@xxxxxxxxxxxxxxxx
We have 3 sites. Main site with ISA 2006 SE and 2 branch office sites
(sites B and C). Sites B and C have PIX 501's configured with ipsec tunnel
mode to ISA 2006 at main site.
Is there a way to transparently route traffic between 2 remote sites
without setting up another tunnel between the 2 PIX 501's, since both are
vpn into ISA at main office?

Thanks for your time
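
An added illustration, not part of the original posts and not ISA's own API: a small Python model of default-deny access rules over the networks named in the reply, reporting which network pairs no rule covers. The rule names, the dictionary layout and the function names are assumptions made for this example.

```python
from itertools import permutations

# The site networks from the reply's list (External left out for brevity).
SITES = ["Internal", "VPN #1", "VPN #2"]

def allowed_pairs(rules):
    """Expand each rule's From/To sets into the (source, destination) pairs it permits."""
    pairs = set()
    for rule in rules:
        for src in rule["from"]:
            for dst in rule["to"]:
                if src != dst:
                    pairs.add((src, dst))
    return pairs

def uncovered(rules, networks):
    """Ordered network pairs that no rule allows; with default deny these are blocked."""
    permitted = allowed_pairs(rules)
    return [pair for pair in permutations(networks, 2) if pair not in permitted]

# Constructed rule set: one rule per branch VPN to Internal, both directions.
SEPARATE_RULES = [
    {"name": "VPN1 and Internal",
     "from": {"VPN #1", "Internal"}, "to": {"VPN #1", "Internal"}},
    {"name": "VPN2 and Internal",
     "from": {"VPN #2", "Internal"}, "to": {"VPN #2", "Internal"}},
]

# Constructed rule set: a single combined rule listing all three networks
# as both source and destination.
COMBINED_RULE = [
    {"name": "Branches and Internal",
     "from": set(SITES), "to": set(SITES)},
]

if __name__ == "__main__":
    for label, rules in (("separate", SEPARATE_RULES), ("combined", COMBINED_RULE)):
        gaps = uncovered(rules, SITES)
        print(label, "rules leave blocked:", gaps if gaps else "nothing")
```

With the two separate rules, only the branch-to-branch pairs remain blocked; the combined rule covers them because both VPN networks appear on each side of the rule.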


