• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Connecting two offices with ISA 2006

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> VPN >> Connecting two offices with ISA 2006 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Connecting two offices with ISA 2006 - 16.Aug.2007 10:31:07 PM   
stosti

 

Posts: 136
Joined: 27.Oct.2003
Status: offline
I have two offices both have Verizon Business FiOS.  If I create a site to site L2TP/IPSec tunnel to connect the offices will my users still be able to access the internet through the ISA server as they do today?  I'm hoping packets to the internet will find there way out and in.  Then all packet heading between offices will go down the tunnel.  One office is 10.10.0.0 and the other 10.12.0.0.  I need all internet routable packets to NOT go down the tunnel.  They need to go along there was as they did before tunnel.  Is this how this works?  I use these frewalls to publish servers to the internet, browse the web and for remote clients to connect using L2TP.  This all mus still work when the tunnel is put into place.

Thanks,
Scott
Post #: 1
RE: Connecting two offices with ISA 2006 - 17.Aug.2007 4:42:38 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline
Hi Scott,
this is achieved by default.
Security is applied only to traffic sent to the remote site. This means when the destination IP address belongs to the remote site network range.
Internet traffic will follow its "usual" path.
If you want to change it, but you don't, you can use Web Chaining.
Regards!

(in reply to stosti)
Post #: 2
RE: Connecting two offices with ISA 2006 - 17.Aug.2007 6:16:25 AM   
stosti

 

Posts: 136
Joined: 27.Oct.2003
Status: offline
Hi,

I was hoping that was the case.  It seems logical that it woud be...  That is how it works with a Cisco router with built in firewall set.  I was going to use a 2811 router to accomplish this if ISA could not do what I need.

Which instructions should I use to set this up?  Tom has two sets online.  One is a 2 part and the other is a 7 part.

Thank You,
Scott


(in reply to justmee)
Post #: 3
RE: Connecting two offices with ISA 2006 - 17.Aug.2007 6:52:04 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline
Well if you are reffering to this two ones:
http://isaserver.org/tutorials/Creating-VPN-ISA-Server-2006-Firewalls-Main-Branch-Office-Part1html.html
http://www.isaserver.org/tutorials/Creating-VPN-ISA-2006-Firewall-Branch-Office-Connection-Wizard-Part1.html
then it's all about the ISA version you have: EE or Std.
With Ent you can manage the Branch ISA( apply enterprise policy to all arrays in the same ISA Firewall enterprise) but with Standard you cannot.
Both articles are looking great, so you should be good to go very soon.

(in reply to stosti)
Post #: 4
RE: Connecting two offices with ISA 2006 - 17.Aug.2007 6:56:50 AM   
stosti

 

Posts: 136
Joined: 27.Oct.2003
Status: offline
I will be using standard.

Do you know if I can have two totally seperate internal networks sharing the external internet connection with ISA standard?  I have a guest and corporate network.  They do not share the same wire.  They need to be kept seperate for security reasons.  I hate to use two different firewalls but I will if necessary.

Thanks

(in reply to justmee)
Post #: 5
RE: Connecting two offices with ISA 2006 - 17.Aug.2007 7:24:47 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline
Check my answer in the your other post.
If you don't, the answer is yes. Just don't create any network relationship(and no access/publishig rules) between the two networks.
ISA will block traffic between them.
You can have as many networks as you like as long as you carefully plan ISA's hardware based on throughput.
If this "guest" network poses some serious threats which for example, can affect ISA's throughput and thus your primary Internal Network, then it is better to use another firewall and another Internet connection for it.

(in reply to stosti)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> VPN >> Connecting two offices with ISA 2006 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts