Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

VPN on seperate external network

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Network Infrastructure >> VPN on seperate external network Page: [1]
Login
Message << Older Topic   Newer Topic >>
VPN on seperate external network - 7.Dec.2007 9:20:31 AM   
bernard

 

Posts: 12
Joined: 27.Apr.2004
Status: offline 		Hi All,
I'm using ISA2006 and currently use it as a webproxy connected to a hardware firewall.
For VPN access only I want to use my second NIC attached directly to the internet with it's own external IP.

The moment I do that, my proxy functionality is gone.

My question is, is this possible to do and how does ISA knows where to send proxy packets to and when to allow vpn connections. Is there a good tutorial about this issue ?

Thanks a lot for helping.

Best Regards,
Bernard
Post #: 1
RE: VPN on seperate external network - 12.Dec.2007 5:06:16 PM   
pwindell

 

Posts: 782
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline 		If ISA is just a "web proxy" then it only has one Nic and the traffic gets out to the Internet via the other firewall.

If ISA has a second Nic then it is not just a "web proxy" and is not in any way associated with the other firewall.

If the second Nic has a Public IP# as you indicated then the ISA needs to operate as an Edge Firewall and the traffic filtered through ISA will go out the second Nic and will not have anything to do with the other firewall. 

So what has happend is that you have (maybe unknowingly) created the second situation (Edge Firewall) but the TCP/IP Config of the ISA is still based on the first situation (Caching Server) with the Default Gateway on the first (internal) Nic that points to the other firewall,...so the whole thing comes crashing down.

Run it as an Edge Firewall with its own public IP#,..this places it side-by-side with the other firewall and the two work independent of each other.  It will then work as a VPN Server perfectly fine and you will get all of the features that ISA is capable of giving, instead of only 30% of its capablilties that the Caching Server model gives you.

_____________________________

Phillip Windell
www.wandtv.com

(in reply to bernard)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Network Infrastructure >> VPN on seperate external network Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts