Firewall Client overriding VPN connection

meddlingBanter -> Firewall Client overriding VPN connection (9.Jan.2007 6:42:16 PM)

Hello, my question is regarding ISA Firewall Client with regards to external VPN connections. At my company we have taken on a call center for an insurance agency. As such they have a software package which is needed to be used by our dispatchers. The program connects to their servers over telnet, obviously highly insecure, and thus they have their various call centers connect first to their VPN and then to the telnet server. Connecting to their VPN with the Microsoft Client works great, as they have an ISA Server 2004 in place as well.

The problem we are experiencing has to do with connecting to the telnet server on their end with the Firewall Client enabled. Firing up some packet capturing software monitoring only the VPN connection I create with the Firewall Client disabled, everything works great and I can see packets are being sent through the connection and the application connects to the telnet server. If I close everything down, enable the Firewall Client, connect to the VPN server and try to connect to the telnet server, no connection is made and no packets are sent over the VPN connection, as evidenced by the packet capture software.

I know that in normal operation, if you connect to a VPN like we are, all traffic is routed through the VPN connection, or at least that's my understanding, but in the case of having the Firewall Client running with a VPN connected, the Firewall Client is forcing all traffic through that connection to the gateway, at least this is my take on things. Basically I would like the normal operation when I connect to the VPN at our business partner's VPN, but without disabling the client when I do so. Maybe this can be done, or maybe not; any insight would be appreciated.

I have already made the suggestion of creating a Site-To-Site VPN which would probably solve our issues, they just don't seem too keen on keeping an open connection like that all the time. I figure though if we lock down who can have access through the VPN, and what computers can go through the VPN and even what protocols, in this case only telnet, things should be pretty damn secure with no threats on either end. Shed some light on this if you would.




spouseele -> RE: Firewall Client overriding VPN connection (10.Jan.2007 2:40:44 PM)

Hi meddlingBanter,

Check out my article How to pass IPSec traffic through ISA Server, particularly section '4. Configuring ISA Clients'.

HTH,
Stefaan



