Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Using Non VPN External IP Address
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Using Non VPN External IP Address - 3.Dec.2007 1:00:21 PM
|
|
|
Sleepstalker
Posts: 8
Joined: 19.Oct.2007
Status: offline
|
I have several remote vpn sites and if I publish a web site, using an external ip address that is not the local endpoint for the tunnels than it works externally, but not from the remote vpn sites. I do not want to host all of our web sites from the same public ip address that the tunnels connect too. Is there a way to use multiple ip's for using different certificates and not have routing issues with remote vpn sites? I need the web sites to work externally and at our other sites.
|
|
|
|
|
RE: Using Non VPN External IP Address - 9.Dec.2007 12:07:01 PM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Are you talking about site to site VPNs?
If so, do you want the remote site networks to go over the Internet or over the VPN tunnel to reach the Web servers?
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Using Non VPN External IP Address - 18.Jan.2008 5:15:45 PM
|
|
|
Sleepstalker
Posts: 8
Joined: 19.Oct.2007
Status: offline
|
I just started trying to figure out this issue again I want the remote sites to access the web sites over the internet. I'm using an external address that none of the tunnels use. The web server is now on an internal network that is not connected to the remote sites over the tunnel. The web pages loads fine externally and on our main internal network, but will not load at sites that have a vpn connection to the isa server.
|
|
|
|
|
RE: Using Non VPN External IP Address - 20.Jan.2008 12:59:50 PM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
The key here is a split DNS, so that the remote office resolves the names of those servers to a public IP address. When you do that, the connections won't go over the tunnel, but instead, will go over the Internet.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Using Non VPN External IP Address - 23.Jan.2008 8:26:35 AM
|
|
|
Sleepstalker
Posts: 8
Joined: 19.Oct.2007
Status: offline
|
The dns entries I've added are for public ip addresses. We have an isa server but all of our tunnels are going to pix firewalls at the remote sites. Several of the pix firewalls only have only one public ip address so the tunnel ends at the ip that the pix uses for pat. I have three public ips on the external interface of the isa server all of the tunnels are linked to one of them let's call it address A and the extras B and C. I set up the isa server to listen for the host names needed on all addresses on the external interface. If I set external dns to adddress A than the website works as long as the tunnel is up, but if set dns to B or C than the pix's go do not use the tunnel, but the isa server recognizes the pat address and tries to send the data over the tunnel causing the page to not load.
When I created the tunnels on the isa server I included the public addresses of the pix firewalls in the addresses tab of the remote site. Would it cause problems if I removed that address?
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
