I have two offices; both have Verizon Business FiOS. If I create a site-to-site L2TP/IPSec tunnel to connect the offices, will my users still be able to access the internet through the ISA server as they do today? I'm hoping packets to the internet will find their way out and in. Then all packets heading between offices will go down the tunnel. One office is 10.10.0.0 and the other 10.12.0.0. I need all internet routable packets to NOT go down the tunnel. They need to go along their way as they did before the tunnel. Is this how this works? I use these firewalls to publish servers to the internet, browse the web and for remote clients to connect using L2TP. This all must still work when the tunnel is put into place.
Hi Scott, this is achieved by default. Security is applied only to traffic sent to the remote site. This means when the destination IP address belongs to the remote site network range. Internet traffic will follow its "usual" path. If you want to change it, but you don't, you can use Web Chaining. Regards!
I was hoping that was the case. It seems logical that it would be... That is how it works with a Cisco router with built-in firewall set. I was going to use a 2811 router to accomplish this if ISA could not do what I need.
Which instructions should I use to set this up? Tom has two sets online. One is a 2 part and the other is a 7 part.
Do you know if I can have two totally separate internal networks sharing the external internet connection with ISA standard? I have a guest and corporate network. They do not share the same wire. They need to be kept separate for security reasons. I hate to use two different firewalls but I will if necessary.
Check my answer in your other post. If you don't, the answer is yes. Just don't create any network relationship (and no access/publishing rules) between the two networks. ISA will block traffic between them. You can have as many networks as you like as long as you carefully plan ISA's hardware based on throughput. If this "guest" network poses some serious threats which, for example, can affect ISA's throughput and thus your primary Internal Network, then it is better to use another firewall and another Internet connection for it.