Posts: 19
Joined: 5.May2002
From: Hertfordshire, UK
Status: offline
Does anyone know of any articles on setting up VPN access to the DMZ from the Internal network.
I can successfully create a connection to the DMZ from the Internal network and I am assigned an IP address for the DMZ, but I am unable to ping any systems or access any resources on the DMZ.
My internal firewall has the IP address 172.16.1.103. I configure the VPN client to connect to this address, and it is then assigned a static IP from the address range (192.168.1.10-20).
The VPN server was setup from the ISA console, and apart from the address range above, I have not made any changes. I assume that ISA server will setup the VPN service correctly.
When I open a CMD prompt on the client computer, I can ping servers on the DMZ, but as soon as I open the VPN connection, the ping request is lost.
The VPN server I connect to is also the default gateway on the client system. The client and the server are both running Win2k Server.
Whoa! I think we're getting confused on the nomenclature here.
You said that you want to connect to a VPN server on the DMZ segment from an internal network client. Correct?
If that is the case, you do not need to configure the VPN server on the ISA Server. You just need to configure the ISA Server to allow PPTP passthrough. The actual VPN server configuration would need to be done on the DMZ host computer.
Your IP configuration looks good for the DMZ and the internal network. I was concerned that maybe the internal network and the DMZ were on the same network ID.
Interesting problem! The reason why it's interesting is that you want to make the ISA Server a VPN server that will allow you access to the DMZ network. The issue here is that if you VPN into the DMZ via the ISA/VPN server, the internal interface of the ISA/VPN server (the LAT network interface) is actually the EXTERNAL interface for the VPN! I don't know if that would work, as I haven't tested it, but it certainly has the potential for confusion.
As for accessing shares on the DMZ, bastion host computers should never have the Server service enabled *EVER*. Well, I shouldn't say that, because if you aren't concerned about them getting broken into, allowing shares on them is a great way to make new friends in the hacker community.
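As an added example (not from this thread, and not ISA Server's own configuration or rule syntax), the toy first-match packet filter below shows what "PPTP passthrough" actually has to permit. PPTP is two flows, not one: a TCP control connection to port 1723 and GRE (IP protocol 47) carrying the tunnel itself, in both directions. A filter that only opens TCP/1723 lets the client "connect" and receive an address while every packet inside the tunnel is dropped, which is exactly the symptom of a VPN that comes up but cannot ping anything. The /24 masks, the client and DMZ host addresses, and the rule format are assumptions made for this example; only the 172.16.1.x and 192.168.1.x ranges come from the thread.

```python
"""Toy stateless, first-match packet filter used to check PPTP passthrough.

Added example, not from the original thread and not ISA Server's syntax.
Rule format, /24 masks and host addresses are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

TCP = 6    # IP protocol number for TCP (PPTP control channel, port 1723)
GRE = 47   # IP protocol number for GRE (PPTP tunnel data)

# Assumed network masks for the ranges mentioned in the thread.
INTERNAL = "172.16.1.0/24"
DMZ = "192.168.1.0/24"


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # source network in CIDR form
    dst: str                 # destination network in CIDR form
    proto: Optional[int]     # IP protocol number, None matches any
    dport: Optional[int] = None   # TCP destination port, None matches any

    def matches(self, pkt: Dict) -> bool:
        return (
            ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
            and (self.proto is None or self.proto == pkt["proto"])
            and (self.dport is None or self.dport == pkt.get("dport"))
        )


def evaluate(rules: List[Rule], pkt: Dict) -> bool:
    """First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action == "allow"
    return False


def pptp_flows(client: str, server: str) -> Dict[str, Dict]:
    """The three flows a PPTP session needs through a stateless filter."""
    return {
        "control (TCP/1723)": {"src": client, "dst": server, "proto": TCP, "dport": 1723},
        "tunnel out (GRE/47)": {"src": client, "dst": server, "proto": GRE},
        "tunnel back (GRE/47)": {"src": server, "dst": client, "proto": GRE},
    }


def check_passthrough(rules: List[Rule], client: str, server: str) -> Dict[str, bool]:
    """Return, per flow, whether the ruleset lets it through."""
    return {name: evaluate(rules, pkt) for name, pkt in pptp_flows(client, server).items()}


# Constructed rulesets: the tempting one-liner and the corrected set.
BROKEN_RULES = [
    Rule("allow", INTERNAL, DMZ, TCP, 1723),        # control channel only
]
FIXED_RULES = [
    Rule("allow", INTERNAL, DMZ, TCP, 1723),        # control channel
    Rule("allow", INTERNAL, DMZ, GRE),              # tunnel data, client -> server
    Rule("allow", DMZ, INTERNAL, GRE),              # tunnel data, server -> client
]

# Constructed addresses: an internal client and a VPN server on the DMZ host.
CLIENT = "172.16.1.50"
DMZ_VPN_SERVER = "192.168.1.5"

if __name__ == "__main__":
    for label, rules in (("broken", BROKEN_RULES), ("fixed", FIXED_RULES)):
        print(label)
        for flow, ok in check_passthrough(rules, CLIENT, DMZ_VPN_SERVER).items():
            print(f"  {flow:22s} {'pass' if ok else 'DROP'}")
```

With the broken set the control channel passes and both GRE flows are dropped, so the client negotiates an address and then loses every packet it sends through the tunnel; the fixed set passes all three. On a stateful firewall the return GRE rule is usually implied by the outbound one, but on a filter that does not track GRE it must be explicit.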