Welcome to ISAserver.org

BO inbound access

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Firewall] >> Branch Office >> BO inbound access

Page: [1]

Message

<< Older Topic Newer Topic >>

BO inbound access - 5.Dec.2007 6:10:07 AM

bikram

Posts: 8
Joined: 23.Oct.2007
Status: offline

Hi

i have Isa server 2006 installed on
Windows 2003 SP1
HW Firewall : 172.16.1.1
Isaserver: 172.16.1.2

1) HO LAN : 172.16.1.0 - 172.16.1.255
2) Firewall to Firewall tunneling between 2 offices.
3) BO IP 192.168.103.0 - 192.168.103.255
4) BO access HO with IPs 66.50.102.20-45 and 66.50.102.53-59
5) Exchange 2003 server in BO
6) Can Ping till ISA server but not any other comp.

rest everything is working fine but

1) BO people can not access HO's LAN
2) BOs admin should have full access to All HO LAN

I have tried

1)creating 2nd network in ISA and giving BO's IP range and allowinh all access but then Exchange Access dies and Full BO acess is killed.
2) Creating 2nd network in ISA with Public Ip of BO, 66.50.102.20-45 etc.and giving full access but this too dosent work.

what rules/changes/setup i should make so that BO should have full access to HO's LAN

Please help...

thanx

Post #: 1

Featured Links*

RE: BO inbound access - 18.Dec.2007 3:23:25 PM

pwindell

Posts: 618
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline

Isa server 2006
Windows 2003 SP1
HW Firewall : 172.16.1.1
Isaserver: 172.16.1.2

1) HO LAN : 172.16.1.0 - 172.16.1.255
2) Firewall to Firewall tunneling between 2 offices.

What Firewall to Firewall? ISA to ISA...or...HW Firewall to HW Firewall?

3) BO IP 192.168.103.0 - 192.168.103.255
4) BO access HO with IPs 66.50.102.20-45 and 66.50.102.53-59

No.
HO will contact BO on 192.168.103.*
BO will contact HO on 172.16.1.*

6) Can Ping till ISA server but not any other comp.

I have tried

1)creating 2nd network in ISA and giving BO's IP range and allowinh all access but then Exchange Access dies and Full BO acess is killed.

No. Put everything back the way it was.

2) Creating 2nd network in ISA with Public Ip of BO, 66.50.102.20-45 etc.and giving full access but this too dosent work.

No. Put everything back the way it was.

what rules/changes/setup i should make so that BO should have full access to HO's LAN

There is no way to answer that until you clarify #2 mention at the beginning of the post.

_____________________________

Phillip Windell
www.wandtv.com

(in reply to bikram)

Post #: 2

RE: BO inbound access - 20.Dec.2007 1:15:12 AM

bikram

Posts: 8
Joined: 23.Oct.2007
Status: offline

Hi pwindell,
Thanx for the reply

Q: What Firewall to Firewall? ISA to ISA...or...HW Firewall to HW Firewall?
A: it is Hardware Firewall to Hardware Firewall Connection

there is no ISA in any other place than HO.

The setup is like this

BO Network > BO HW Firewall > Internet << >> Internet < HO HW Firewall < ISA < HO Network

the basic reason/need is to get reports on what employees are doing in HO, Max of everything like, Max visited sites, Max downloads, peak time of usage, etc. after that putting restriction, Blocking and manage bandwidth

as we have hardware firewall so no intention of using ISA as one but its ok if we can use it.

Thanx

< Message edited by bikram -- 20.Dec.2007 1:18:08 AM >

(in reply to pwindell)

Post #: 3

RE: BO inbound access - 20.Dec.2007 9:10:52 PM

pwindell

Posts: 618
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline

You're going to need to setup a Site-to-Site VPN between ISA and the other Firewall to connect the two offices together. It will have to be a IPSec Tunnel (not PPTP or L2TP). The HO Firewall will be a big obstical to getting that done.

What you do over that connection after that is up to you. I really have no context to address the other monitoring things you mentioned.

I'm home sick with some kind of flue right not so I may not be able to follow the thread, so I hope someone else can take over if you have more questions.

_____________________________

Phillip Windell
www.wandtv.com

(in reply to bikram)

Post #: 4