Welcome to ISAserver.org

VPN into DMZ

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Firewall] >> DMZ >> VPN into DMZ

Page: [1]

Message

<< Older Topic Newer Topic >>

VPN into DMZ - 4.Jul.2007 4:50:44 AM

jcanfer

Posts: 20
Joined: 31.Oct.2006
Status: offline

I'm having trouble gaining access to a machine at the remote end of a site-to-site VPN from a machine in my DMZ, so would someone mind sanity checking my config please?

-The VPN itself is IPsec and is up and running fine.
-A network is configured for the remote site but only contains the IP range of seven machines and that of the remote peer.
-There is a network rule that routes all traffic from the remote network to the DMZ network.
-There is a firewall policy that permits a custom HTTP protocol (it's not filtered) from either network to either network.

I've got IPSec VPN's setup between my internal network and remote networks and they work fine, but this is my first attempt at setting one up into my DMZ.

Unfortunately the remote end are reluctant to open up any other protocols for me to test against either. Looking at the logs when I try to connect to a remote server the connection is initiated but ends with a TCP_NO_SERVER_REPLY error code.

Any ideas?

Many thanks

JC

Post #: 1

Featured Links*

RE: VPN into DMZ - 24.Jul.2007 8:53:47 PM

tshinder

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline

IPSec tunnel mode is:

1. less secure that L2TP/IPSec

2. Half the speed of L2TP/IPSec

3. Not as routable (very limited routing control)

Switch to L2TP/IPSec and gain these three benefits and solve your problem also.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to jcanfer)

Post #: 2