• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Could publish a server for Site2Site VPN connections, but...

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Server Publishing >> Could publish a server for Site2Site VPN connections, but... Page: [1]
Login
Message << Older Topic   Newer Topic >>
Could publish a server for Site2Site VPN connections, b... - 11.Mar.2007 6:02:51 PM   
patos

 

Posts: 34
Joined: 13.Oct.2006
Status: offline
Hi!

I'm trying to establish the following scenario:
-2-legged ISA server, with 10 public external IP addresses.
-Site2Site VPN with a support office (they need RDP and some more access).

The VPN is OK, and ONE server is possible to publish with RDP in this site2Site, the one that I set for "local IP" for the VPN.
But I need to publish about 8 servers with different protocols. Do I need to set up 8 Site2Site tunnels to make this happend, or should it work anyway? I tried to specify the entire range in the site2Site settings but it doesn't seem to have an effect.

Can't see anything getting stuck in the logs.

Could it be a problem in the accessing settings (ie the support personel firewall)?
I set up anothersite2site towards this network, but i get the same problem (ISA as well). And there i KNOW i included the entire range.

ANY help would be appreciated. Should it work? What to look for?

Due to Similar ip ranges, the support personel must connect to public ip addresses, so I can't just route them in. And it would have been to simple scenario. =)

< Message edited by patos -- 11.Mar.2007 6:07:14 PM >
Post #: 1
RE: Could publish a server for Site2Site VPN connection... - 15.Apr.2007 10:52:39 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
What are you actually trying to accomplish here?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to patos)
Post #: 2
RE: Could publish a server for Site2Site VPN connection... - 17.Apr.2007 5:13:12 PM   
patos

 

Posts: 34
Joined: 13.Oct.2006
Status: offline
Well, basically i need to publish three servers through a Site 2 SiteVPN tunnel (let's say the RDP protocol for arguments sake), but they need to be published with public IP addresses (ie not internal IP address visible). The chances are that if I used the internal addresses, the supporting company that needs access to these servers, would experience an IP collision sooner or later at some other site(ie another company that uses the same internal IP range).

We don't want to publish the addresses directly on the internet obviously, and we'd like to keep the communication protected.

As I said earlier, doing this with normal "route" site-2-site, i see no problem getting it to work. But to "publish", i don't quite get it.. Tried a lot of different approaches, can't get it to work.

I have tried doing this both towards a cisco and another ISA (2006, but that shouldn't matter). Still no luck. Well with the ISA 2006 i got ONE server accessible, but would i really need to set up a separate tunnel for each server?
And I'm not sure it was working through the tunnel that time either.

SHOULD this work? Or am I in uncharted waters here? =)

Thanks for caring!

(in reply to tshinder)
Post #: 3
RE: Could publish a server for Site2Site VPN connection... - 21.Apr.2007 11:32:04 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Is this a site to site VPN connection with a NAT or Route relationship?

I don't see how you're going to get public addresses going in this situation, since that would mean publishing outside the site to site VPN link, which would be fine too, if RDP could ever be considered secure, which it ain't :)

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to patos)
Post #: 4
RE: Could publish a server for Site2Site VPN connection... - 22.Apr.2007 3:03:36 PM   
patos

 

Posts: 34
Joined: 13.Oct.2006
Status: offline
It would be a NAT relationship.

I agree with you, the entire thing gets so wierd, so I actually gave up on it. I can't figure out how it could be established with ISA. I know it's possible with other FW's (like a PIX). I could always put up two ISA servers I guess and publish the servers on an internal Firewall and create a site 2 site with an external wich routes the traffic to the internal one. But that seems a bit over the top. =)

Oh well, never mind. Thanx anyway for your help! Always nice to have someone to discuss thoughts with.

(in reply to tshinder)
Post #: 5
RE: Could publish a server for Site2Site VPN connection... - 22.Apr.2007 8:19:25 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Wish I could have come up with a better solution.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to patos)
Post #: 6
RE: Could publish a server for Site2Site VPN connection... - 25.Apr.2007 3:30:34 PM   
patos

 

Posts: 34
Joined: 13.Oct.2006
Status: offline
Hey it's not your job, it's the developers at Microsoft. =)

(in reply to tshinder)
Post #: 7
RE: Could publish a server for Site2Site VPN connection... - 26.Apr.2007 1:10:20 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Maybe in the next version

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to patos)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Server Publishing >> Could publish a server for Site2Site VPN connections, but... Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts