Welcome to ISAserver.org


IPSEC tunnel from ISA2004 in private DMZ

IPSEC tunnel from ISA2004 in private DMZ - 21.Jan.2006 5:17:15 PM   
willi042

 

Posts: 33
Joined: 12.Oct.2004
Status: offline
Hello together,

first of all:
Microsoft EMEA consulting and Services and Support more than once confirmed that this scenario is supported from ISA but unfortunately they are not able to get it to work for more than 3 weeks now.

I'm searching for someone who successfully installed the following scenario:

LAN1 -> ISA1 -> DMZ (private addresses) -> ext. Firewall (NAT) -> Internet -> ISA2 -> LAN2


What works:
establish connection (ping) from LAN2 to LAN1

What does not work:
establish connection from LAN1 or ISA1 to LAN2 or ISA2

From my point of view it makes sense that the first connection works because the tunnel endpoints are what they really are.
In the second case ISA2 recognizes that the original packet comes from ISA1's external interface which has a private address and not - as configured - for the tunnel from the external address of the external FW.

I personally doubt that this can work at all resp. more than it already works.
The only thing I can imagine how to get it to work is manually make the appropriate entries within registry.

If there's anyone out there who has this running or definitely knows that this cannot work as I already assume please give me a sign.

Thanks




Post #: 1
RE: IPSEC tunnel from ISA2004 in private DMZ - 22.Jan.2006 5:09:05 PM   
ClintD

 

Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
I have personally set this up and I know it works. If you'd care to post the details, we could probably sort it out. As you say - the tunnel SAs are established since...

quote:


What works:
establish connection (ping) from LAN2 to LAN1



(in reply to willi042)
Post #: 2
