I have ISA Server implemented in all our branches which connects to our HQ ISA Server over VPN.
I need to have users in the branches access certain internet locations through our HQ internet link (for security reasons).
The scenario I am looking for is: packets going from the user at the branch are routed from his ISA Server through the VPN to our HQ ISA Server and then to the internet from our ISA Server (these packets are TCP/IP packets to telnet port 23), and preferably NATed.
Packets are reaching the ISA Server at HQ and are stopping there.
Good question. I suspect you'll have to make a VPN connectoid and then configure the ISA Server to access the Internet via the connectoid. That will allow it to use Web Proxy and Firewall chaining with the upstream ISA Server in the main office.
I am not looking for proxy chaining. I have an IPSec tunnel at my HQ, and all traffic to a certain destination (TCP port 23) should go through that IPSec tunnel. So when the user in a remote site initiates a telnet to this specific destination, the traffic should be routed (through RRAS and VPN) to my HQ RRAS server (also running ISA) and then from my HQ RRAS to the internet through the IPSec tunnel.
Well, the packets are reaching my HQ ISA Server and then they do not go anywhere. All my remote sites are within the LAT and are considered internal; the destination is external and is not included in the LAT.
I can reach the host when initiating the call from within my LAN at HQ, or when I initiate the traffic from any location not connected to me through VPN (some local branches connected through leased lines to an internal router behind the ISA).
The problem only exists when the traffic is reaching my HQ ISA Server from a VPN and is destined to a destination that is external.