Site To Site VPN to CISCO Single IP

Site To Site VPN to CISCO Single IP - 11.Dec.2007 6:34:14 PM   
treno

 

Posts: 1
Joined: 11.Dec.2007
Status: offline
Site to Site VPN.

I'm trying to establish a site to site VPN where the remote administrator will only allow connections from a single client computer.

I've set up the connection and the Network rule, but it still won't connect.
The remote admin says we're trying to connect with 172.20.0.0 (255.255.0.0), our internal network.

ISA Server says this (under Site to Site Settings Summary):
Site-to-Site Network IP Subnets:
   Subnet: 172.20.100.143/255.255.255.255


BUT
IP Security Monitor shows a Generic filter with source as 172.20.0.0 (255.255.0.0)

What can I do to get this single-computer site to site VPN to work?

Also, the remote site will not support NAT/T, we've already tried that route.
Post #: 1
RE: Site To Site VPN to CISCO Single IP - 12.Dec.2007 5:12:41 AM   
justmee

 

Posts: 505
Joined: 14.May.2007
Status: offline
Hi Travis,
You cannot do that with ISA and IPsec tunnel mode (the whole Internal Network will be used).
I know this is not nice, but it should work in case of IPsec tunnel mode when the remote site initiates the tunnel and makes the QM proposal.
Regards!

< Message edited by justmee -- 12.Dec.2007 5:13:44 AM >

(in reply to treno)
Post #: 2
RE: Site To Site VPN to CISCO Single IP - 13.Dec.2007 12:52:13 PM   
ClintD

 

Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
I've never tried it personally, but conceptually you should be able to define a static tunnel mode policy (one created in the IPSec Management Console) that only includes the single IP address. Since IPSec has a static mode and a dynamic mode (the IPSec filters from ISA are placed in the dynamic mode while filters created in the MMC are static) these filters can co-exist and the most specific filter will match.

How To Configure IPSec Tunneling in Windows Server 2003
http://support.microsoft.com/kb/816514

You'll probably have the Remote Site connection defined in the ISA console at the same time so that the Firewall Rules will work - admittedly it's a little ugly. No guarantees, but it could work. If you can tinker with it, I'd like to hear about your results.

< Message edited by ClintD -- 13.Dec.2007 12:53:43 PM >

(in reply to treno)
Post #: 3
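
A simplified model of the reasoning in the replies above, added here as an example and not code from the thread or from ISA Server: it picks the most specific matching IPsec filter for traffic from 172.20.100.143 and checks whether the resulting Quick Mode selector is what a peer restricted to that single host would accept. The remote network `192.0.2.0/24`, the exact-match behaviour of the peer and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Filter:
    origin: str  # "dynamic" (pushed by ISA) or "static" (created in the IPsec MMC)
    src: str     # source network in CIDR form
    dst: str     # destination network in CIDR form

    def matches(self, src_ip, dst_ip):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst))

    def specificity(self):
        # Longer prefixes mean a narrower, more specific filter.
        return ip_network(self.src).prefixlen + ip_network(self.dst).prefixlen

HOST = "172.20.100.143"       # the single client from the original post
REMOTE_NET = "192.0.2.0/24"   # constructed placeholder; the thread gives no remote network

# What IP Security Monitor showed: ISA's filter covers the whole Internal network.
ISA_DYNAMIC = Filter("dynamic", "172.20.0.0/16", REMOTE_NET)
# The static tunnel-mode filter suggested in the last reply (hypothetical).
STATIC_HOST = Filter("static", HOST + "/32", REMOTE_NET)

def proposed_selector(filters, src_ip, dst_ip):
    """Return (src, dst) of the most specific matching filter, or None."""
    hits = [f for f in filters if f.matches(src_ip, dst_ip)]
    if not hits:
        return None  # no filter matches, so no tunnel is negotiated
    best = max(hits, key=Filter.specificity)
    return (best.src, best.dst)

def peer_accepts(selector, allowed_src, allowed_dst):
    """Assumed strict peer: the proposed selector must equal its configured one."""
    return selector == (allowed_src, allowed_dst)

def check(filters, dst_ip="192.0.2.10"):
    """Selector this side would propose for HOST, and whether the peer takes it."""
    selector = proposed_selector(filters, HOST, dst_ip)
    return selector, peer_accepts(selector, HOST + "/32", REMOTE_NET)

if __name__ == "__main__":
    cases = (("ISA filter only", [ISA_DYNAMIC]),
             ("ISA filter plus static /32", [ISA_DYNAMIC, STATIC_HOST]))
    for label, filters in cases:
        selector, ok = check(filters)
        print(f"{label}: proposes {selector}, peer accepts: {ok}")
```
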
