I'm trying to establish the following scenario:
- 2-legged ISA server, with 10 public external IP addresses.
- Site2Site VPN with a support office (they need RDP and some more access).
The VPN is OK, and ONE server is possible to publish with RDP in this Site2Site, the one that I set for "local IP" for the VPN. But I need to publish about 8 servers with different protocols. Do I need to set up 8 Site2Site tunnels to make this happen, or should it work anyway? I tried to specify the entire range in the Site2Site settings but it doesn't seem to have an effect.
Can't see anything getting stuck in the logs.
Could it be a problem in the accessing settings (i.e. the support personnel firewall)? I set up another Site2Site towards this network, but I get the same problem (ISA as well). And there I KNOW I included the entire range.
ANY help would be appreciated. Should it work? What to look for?
Due to similar IP ranges, the support personnel must connect to public IP addresses, so I can't just route them in. And it would have been too simple a scenario. =)
< Message edited by patos -- 11.Mar.2007 6:07:14 PM >
Well, basically I need to publish three servers through a Site 2 Site VPN tunnel (let's say the RDP protocol for argument's sake), but they need to be published with public IP addresses (i.e. no internal IP address visible). The chances are that if I used the internal addresses, the supporting company that needs access to these servers would experience an IP collision sooner or later at some other site (i.e. another company that uses the same internal IP range).
We don't want to publish the addresses directly on the internet obviously, and we'd like to keep the communication protected.
As I said earlier, doing this with normal "route" site-2-site, I see no problem getting it to work. But to "publish", I don't quite get it. Tried a lot of different approaches, can't get it to work.
I have tried doing this both towards a Cisco and another ISA (2006, but that shouldn't matter). Still no luck. Well, with the ISA 2006 I got ONE server accessible, but would I really need to set up a separate tunnel for each server? And I'm not sure it was working through the tunnel that time either.
SHOULD this work? Or am I in uncharted waters here? =)
Is this a site to site VPN connection with a NAT or Route relationship?
I don't see how you're going to get public addresses going in this situation, since that would mean publishing outside the site to site VPN link, which would be fine too, if RDP could ever be considered secure, which it ain't :)
I agree with you, the entire thing gets so weird, so I actually gave up on it. I can't figure out how it could be established with ISA. I know it's possible with other FWs (like a PIX). I could always put up two ISA servers I guess and publish the servers on an internal firewall and create a site 2 site with an external which routes the traffic to the internal one. But that seems a bit over the top. =)
Oh well, never mind. Thanx anyway for your help! Always nice to have someone to discuss thoughts with.