• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA as Back Firewall to ASA Question

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Network Infrastructure >> ISA as Back Firewall to ASA Question Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA as Back Firewall to ASA Question - 12.Feb.2009 4:11:17 PM   
msanlon

 

Posts: 3
Joined: 30.Mar.2004
Status: offline
Ok Guys, I've been pulling my hair out over this one now for a while...
 
Currently I have two PIX 501s and a V3000 Concentrator.
 
We're upgrading the PIX to a ASA 5505 and trying to get rid of the concentrator (because VPN is built into the ASA)
 
At the same time... I thought it would be a good idea to add an ISA server as a back firewall.
 
This is what we have
 
LAN + Remote NBX Phone System (10.1.4.x)
|
PIX501             Remote Office (65.x.x.x)
|
Internet
|
PIX501 + Concentrator             HQ (67.x.x.x.)
|
LAN + Main NBX Phone System (192.168.1.x)
 
The Network and Phone System Connects Over VPN.
 
 
This is what I thought I wanted...


LAN + Remote NBX Phone System (10.1.4.x)
|
|
PIX501             Remote Office (65.x.x.x)

|
|
Internet
|
|
ASA      HQ (67.x.x.x)
|

|
ISA 2006---- DMZ (172.16.0.1)

|
LAN + Main NBX Phone System (192.168.1.x)

 
But if I use the ISA as the end of the tunnel, then I believe the phones won't work because they don't play well with NAT.
 
The company has standardised on Cisco VPN and so it's politically problematic to tell them we're creating the tunnel between the PIX and the ISA server.
 
Any suggestions? Is there another way of doing this?
 
Thanks for taking the time to look at this.
 
 
 
Mike.


Post #: 1
RE: ISA as Back Firewall to ASA Question - 12.Feb.2009 4:46:13 PM   
msanlon

 

Posts: 3
Joined: 30.Mar.2004
Status: offline
Oops, I meant...
 
But if I use the ASA as the end of the tunnel, then I believe the phones won't work because they don't play well with NAT.

Sorry for the confusion.

(in reply to msanlon)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Network Infrastructure >> ISA as Back Firewall to ASA Question Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts