If you want to experiment with ISA, the simplest and convenient way is to use a virtual lab, VMware Server, Workstation, VMware ESXi, Hyper-V, VirtualBox, etc. That's one of ISA's feature, and an advantage over some "hardware" firewalls which you cannot virtualize. So you can mess all day long, test the configs prior to deployment, break the VMs. It does not matter, no one cares, just take a snapshot on each clean VM, and you will be back to a clean lab in minutes, and do another tests.
Aaa, and about the sharepoint thing, if you add the remote VPN gateways IP address to the remote site definition on the other ISA, on this ISA, if you use on the hosts behind the remote ISA the "public URL", such traffic will be sourced with the remote ISA's external IP address(and this IP address should not belong now to the External Net) and will be destined to the public IP address on this ISA. I'm not sure if your web server publishing rule was configured like so, or if it is any point in doing that.
It would have been advised to avoid the .local TLD("webserver.ourdomain.local"), and have the split DNS properly implemented. In this way, for users won't be any local and public URLs, just one URL, and things will happen in the background, a pleasant experience for users.
< Message edited by adimcev -- 21.Aug.2009 10:56:59 AM >
Get Our ISA 2006 Book!: http://tinyurl.com/2gpoo8