Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Site-to-Site

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> VPN >> Site-to-Site Page: [1]
Login
Message << Older Topic   Newer Topic >>
Site-to-Site - 8.May2008 9:40:49 AM   
ldoodle

 

Posts: 70
Joined: 21.Mar.2005
From: England
Status: offline 		Hiya,

I'm trying to build a lab network with exact details of production network (public IP's etc). The plan is to be able to unplug the old servers and plug the new ones in, hence using production network settings.

I am having trouble getting my site-to-site working. Configuration/layout is as follows.

Main Office:

ISA Server 2006 Enterprise x3 (1 CSS + 2 members)
VIP of Internal: 10.0.0.100/23
VIP of External: 100.100.100.100/28

External interfaces on array members connected to cable-based (non-ADSL) router (Router1)

Router1:

Internal IP: 100.100.100.1/28
External IP: DHCP from Router3 (192.168.1.2/29)
Connected to Router3 and External intfaces of array members at main office

Router3

Internal IP: 192.168.1.1/29
External IP: Not connected
Connected to Router1 and Router2

Router2:

Internal IP: 200.200.200.1/29
External IP: DHCP from Router3 (192.168.1.3/29)
Connected to Router3 and External interface of single ISA at branch office

Branch Office:

ISA Server 2006 Standard x1 (single firewall)
IP of Internal: 10.0.2.1/23
IP of External: 200.200.200.200/28

External interface on single firewall connected to cable-based (non-ADSL) router (Router1)
Post #: 1
RE: Site-to-Site - 8.May2008 9:53:29 AM   
ldoodle

 

Posts: 70
Joined: 21.Mar.2005
From: England
Status: offline 		From the main office array members I can do the following:

Can ping the internal interface of their router
Can ping the external interface of their router
Can ping the external interface of the branch office router
Cannot ping the internal iterface of the branch office router
Can ping the LAN IP of the 'parent' router

The same applies for the branch office. So, the fact that I cannot see the remote networks is the stumbling block in getting the site-to-site VPN working through ISA.

Is there a way to get this working with the 3 router setup, as that's what it will be on the production network?

Thanks

(in reply to ldoodle)
Post #: 2
RE: Site-to-Site - 9.May2008 6:59:41 AM   
ldoodle

 

Posts: 70
Joined: 21.Mar.2005
From: England
Status: offline 		Scrap the first 2 posts as I can re-ask the question much simpler:

How should things be connected IP in a lab network (switches/routers included) and what IP's should/could be used on the external interfaces?

The idea is to get it working in the lab, then unplug the old servers on the production lan and plug the ones from the lab in, so I need to have the lab configured exactly or as close to the production lan as possible.

Thanks!

(in reply to ldoodle)
Post #: 3
RE: Site-to-Site - 9.May2008 10:45:42 AM   
ldoodle

 

Posts: 70
Joined: 21.Mar.2005
From: England
Status: offline 		Not to worry - got it all working now!

(in reply to ldoodle)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> VPN >> Site-to-Site Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts