Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Site-to-site VPN Branch configuration

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Branch Office >> Site-to-site VPN Branch configuration Page: [1]
Login
Message << Older Topic   Newer Topic >>
Site-to-site VPN Branch configuration - 25.Oct.2007 3:55:35 PM   
mselich

 

Posts: 3
Joined: 25.Oct.2007
Status: offline 		Hello!
here is the sutiation
1.Main office, ISA
2. Branch office, ISA
Main and Branch connected using site-to-site VPN.
What rule should i create for general clients from branch office for connecting to Internet only through Main office. As i understand it's possible for FirewallClient and WEBProxy clients, but what should i do for clients which have a Branch ISA as a Default Gateway?
Is it possible?

Thanks in advance!
Post #: 1
RE: Site-to-site VPN Branch configuration - 26.Oct.2007 7:50:24 AM   
justmee

 

Posts: 497
Joined: 14.May2007
Status: offline 		Hi Mike,
Since at both sites you have ISA Firewalls you can use Web Chaining:
http://www.microsoft.com/technet/isa/2006/chaining.mspx
quote:

An internal ISA Server client makes a Web request to the downstream ISA server computer. This may be a request from an internal client computer configured as a Web Proxy client (with browser settings configured to point to ISA Server), or an HTTP request from a Firewall or SecureNAT client. By default, ISA Server intercepts HTTP requests from Firewall or SecureNAT clients and passes them to Web Proxy filter for transparent handling.

In your case the downstream ISA is the Branch ISA.
http://www.isaserver.org/tutorials/Web-Proxy-Chaining-Form-Network-Routing.html
Regards!

(in reply to mselich)
Post #: 2
RE: Site-to-site VPN Branch configuration - 26.Oct.2007 9:33:56 AM   
mselich

 

Posts: 3
Joined: 25.Oct.2007
Status: offline 		Thank you for the answer.
But what about non-HTTP traffic? We have some applications that do not use proxies and connect directly to the internet through NAT. And it is not possible to install FirewallClient.
Thanks!

(in reply to justmee)
Post #: 3
RE: Site-to-site VPN Branch configuration - 26.Oct.2007 2:06:55 PM   
mselich

 

Posts: 3
Joined: 25.Oct.2007
Status: offline 		Thank you justmee. You helped me to find the right way!

(in reply to justmee)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Branch Office >> Site-to-site VPN Branch configuration Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts