Welcome to ISAserver.org


Trihomed outbound VPN

All Forums >> [ISA Server 2000 Firewall] >> DMZ >> Trihomed outbound VPN Page: [1]
Trihomed outbound VPN - 22.Jul.2004 10:08:00 PM   
Guest
We have an ISA server configured with 3 NICs. The first is a public interface, and the other two are private. The one private (192.168.x.x) goes to our LAN. The second private (10.0.0.x) goes to a DMZ of sorts. The second private was recently added for the ability to create a site to site VPN connection with a client of ours (ISA was reloaded, so the NIC was added prior to the ISA installation). Currently, in the second private subnet, we have a Nokia VPN device with two interfaces. One connects to the DMZ interface in ISA, and the other to a switch which connects to the Internet router. The device is accessible from the Internet, so things seem to be set right there. This device builds the VPN between sites. The goal is to connect to a single public IP address from our LAN clients (on the first private subnet) by connecting through the second private interface on ISA, thus routing through the Nokia device (since this is the only way to access the public IP address for the site to site connection at the client). Meaning that when sitting on the LAN, a request for the public address to the other site would route through the 10.0.0.x interface, go through the Nokia, and then to the Internet router, instead of routing through the LAN interface, and then to the Internet router as all other traffic does.

My question is, how do I properly set this up? Is this more of an RRAS question or an ISA question? The second private interface is NOT on the LAT at this point. All I really want to do is route packets for this one IP address through our second private interface, so that they then go to the Nokia instead of through the default gateway route. At this point, I cannot ping the Nokia from ISA, or from the LAN. The Nokia can get to the Internet, and is accessible from the Internet. Do I need to add the second private interface to the LAT? Are there static routes I need to create? What else needs to be done?

Public (x.x.x.x)
| \
ISA - Private 2 (10.0.0.x)
|
Private 1 / LAN (192.168.x.x)