Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA, VPN tunnel from headquater to branches

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Network Infrastructure >> ISA, VPN tunnel from headquater to branches Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA, VPN tunnel from headquater to branches - 1.Aug.2008 11:19:42 AM   
kabi

 

Posts: 1
Joined: 1.Aug.2008
Status: offline 		Hi,

I have the following problem and hope that anyone can help me.
There is one headquater (HQ) with a ISA server as edge firewall, parallel to this there is a VPN box. Both has an external and  an internal IP address on the same subnet [the internal headquater subnet]. The VPN box is connected to the other branches by site-to-site tunnel.

The aspiration is that for the clients in the headquater the ISA server is the default gateway and no routes on the clients has to been configured. This means for me the ISA server get an static route for the branch subnet over the VPN box, also I creating a network on ISA server for the branch (B) subnet, make an access rule between HQ <-> B and create an networkset to route the traffice between the internal an branch subnet. At the VPN box I create a route for the internal network over the ISA server. Because I have to go back the same way as coming.

But this do not working. In ISA tracing I see the first ping from HQ to B is initiated but all other where dropped with "not identified ip-datatraffic". the tracert from inside the headquarter only show ISA server as first hop...than there are timeouts.

Is this proceeding wrong, or is an error in reasoning?

Thanks in advance for your help,
kabi
Post #: 1
RE: ISA, VPN tunnel from headquater to branches - 19.Aug.2008 8:49:39 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline 		Are the ISA firewalls the VPN tunnel endpoints on both sides?

Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to kabi)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Network Infrastructure >> ISA, VPN tunnel from headquater to branches Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts