How-to route all tunneled traffic via internal network interface (Full Version)



dani.wenger -> How-to route all tunneled traffic via internal network interface (20.May2008 10:58:47 AM)

Hi everybody,

Great forum, excellently moderated [;)], congratulations! Keep it up!

Like many others, I have a problem which I could not solve so far:

I am using ISA Server 2006 with two network interfaces (one public, one private) for terminating remote access VPN connections from remote workers. All the traffic of the remote users is forwarded through the VPN tunnels ("use default gateway on remote network"). So far everything works fine.
However, I would like to route all tunneled traffic (not only web traffic) via the internal network for further inspection. At the moment traffic destined to the internet is routed in the ISA-Server through the public interface because the default route must be configured this way for remote access.

Such behaviour normally requires "policy based routing" or "source based routing".

Does ISA support such features?

I've already read some threads and realised that ISA is a "perfect" firewall but not a core router (following some statements from Tom [:D]). I read as well that new versions offer much more flexibility regarding networking. Does Server 2008 support such networking features? Do future ISA server versions support "policy based routing"?

Many thanks for your hints and helpful replies.
Kind regards
Dani




tshinder -> RE: How-to route all tunneled traffic via internal network interface (30.Jun.2008 9:39:39 AM)

Hi Dani,

Is it that you want the VPN clients to connect to the Internet through another firewall, and not the one that they've established the VPN connection to?

Thanks!
Tom




dani.wenger -> RE: How-to route all tunneled traffic via internal network interface (30.Jun.2008 10:16:14 AM)

Hi Tom,
Yes, that's right.
I want the VPN-clients to access the internet through another firewall (incl. IDS,IPS,...).

Thanks
Dani




tshinder -> RE: How-to route all tunneled traffic via internal network interface (1.Jul.2008 7:12:03 AM)

Hi Dani,

You can take advantage of the Web Proxy and Firewall client configuration on the VPN clients to route requests to another ISA firewall, which could then route the requests to another Internet gateway.

That's the only way I know where you can reroute remote access VPN client connections.

Thanks!
Tom




dani.wenger -> RE: How-to route all tunneled traffic via internal network interface (1.Jul.2008 7:25:10 AM)

Hi Tom,
I assume that the Web Proxy and Firewall feature only applies to web browsing and not for general traffic such as VoIP or dedicated application traffic.
Is that right?
If yes, it does not seem to fit for me...

Thanks
Dani




tshinder -> RE: How-to route all tunneled traffic via internal network interface (1.Jul.2008 7:42:53 AM)

Hi Dani,

The Web Proxy client configuration takes care of forwarding HTTP/HTTPS traffic from applications that are configured to use the Web Proxy configuration.

The Firewall client will forward requests from any Winsock application transparently. So, if your applications are written to the Winsock interface, the Firewall client will pick them up and forward the connections to the ISA firewall that you designate the Firewall client to use.

HTH,
Tom



