
Welcome to ISAserver.org


Pix to Pix

Pix to Pix - 10.Aug.2006 11:41:05 PM   
Xignals

 

Posts: 31
Joined: 9.May2002
From: Alabama
Status: offline
We are trying to create a VPN with a Pix to our remote office. It is connected to another Pix. The internal Pix has its own internet connection so it is not going through ISA. It has an IP of 192.168.0.71 and works if I set my default gateway to 71. To get around this I added a route statement to the ISA server like so: route add 192.168.5.0 mask 255.255.255.0 192.168.0.71

This still does not work. I checked the logs and it shows a connection being initiated but it does not work. Do I need to create a new network with the other office IP range? Do I need any rules to allow traffic to route to the Pix?
Post #: 1
RE: Pix to Pix - 12.Aug.2006 6:02:48 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi X,

What's the point here? Are you trying to replace the pix packet filters with ISA firewalls?

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Xignals)
Post #: 2
RE: Pix to Pix - 21.Aug.2006 4:39:32 PM   
tonygauderman

 

Posts: 107
Joined: 6.Feb.2006
Status: offline
Are you trying to route a VPN around the ISA server completely?

If that's what you are trying to do, there are two problems with your design.

First, you would be better off just terminating the VPN tunnel on the ISA server.  You are creating an "end around" your primary firewall.  Even if you pass the tunnel through the ISA server, your ISA server can't inspect the traffic because it's encrypted, but at least it's not creating the "end around".

Second, even if you decide you want to do the "end around" anyway, the traffic should never touch the ISA server.  You really shouldn't use ISA as a router in the sense that you have traffic going out the same interface it came in.

(in reply to tshinder)
Post #: 3
RE: Pix to Pix - 25.Aug.2006 12:01:55 AM   
Xignals

 

Posts: 31
Joined: 9.May2002
From: Alabama
Status: offline
Hey, thanks for the reply. We got around the problem by adding the route statement to all the users via login script and created a locallat.txt file and placed that on all the users' machines. I tried to exclude the IP range on the server but that did not work. After I did more reading on here is when I thought to try the route statement on the users' machines. It is working great now and we still have ISA protecting users and offering proxy benefits.
Thanks again.

(in reply to tonygauderman)
Post #: 4
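
An added example, not part of any post in the thread: a small Python audit that parses a Windows `route add` line and flags a static route on the firewall whose gateway sits on the same interface the clients arrive on, which is the "out the same interface it came in" case described in post 3. The /24 mask on the internal network, the perimeter and external networks, the client addresses and all function names are assumptions made for illustration.

```python
import ipaddress

def parse_route_add(cmd):
    """Parse a Windows `route add DEST mask MASK GATEWAY` command line."""
    p = cmd.split()
    if len(p) != 6 or [p[0].lower(), p[1].lower(), p[3].lower()] != ["route", "add", "mask"]:
        raise ValueError(f"unsupported route syntax: {cmd!r}")
    # ip_network accepts dotted netmasks and rejects a DEST with host bits set
    return ipaddress.ip_network(f"{p[2]}/{p[4]}"), ipaddress.ip_address(p[5])

def interface_for(interfaces, addr):
    """Name of the interface whose connected network contains addr, or None."""
    addr = ipaddress.ip_address(addr)
    for name, net in interfaces.items():
        if addr in ipaddress.ip_network(net):
            return name
    return None

def check_route(interfaces, cmd, client_ip):
    """Classify a static route on the firewall for traffic sent by client_ip."""
    _dest, gateway = parse_route_add(cmd)
    ingress = interface_for(interfaces, client_ip)
    egress = interface_for(interfaces, gateway)
    if egress is None:
        return "unreachable-gateway"   # gateway is not on any connected network
    if ingress == egress:
        return "hairpin"               # in and out of the same interface
    return "forwarded"                 # crosses from one interface to another

# Constructed topology: only 192.168.0.71 and the route line come from the thread.
ISA_INTERFACES = {
    "internal": "192.168.0.0/24",    # assumed mask for the LAN holding the Pix
    "perimeter": "10.0.0.0/24",      # constructed
    "external": "203.0.113.0/30",    # constructed (documentation range)
}
ROUTE = "route add 192.168.5.0 mask 255.255.255.0 192.168.0.71"

if __name__ == "__main__":
    for client in ("192.168.0.50", "10.0.0.5"):   # constructed client addresses
        print(client, "->", check_route(ISA_INTERFACES, ROUTE, client))
```

A "hairpin" result for a LAN client means that client can reach the gateway directly on its own subnet, which is why putting the route on the client machines, as in post 4, keeps this traffic off the firewall.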
