Branch Office Connections!!!! (Full Version)

All Forums >> [ISA 2006 Firewall] >> Branch Office


noddles -> Branch Office Connections!!!! (10.Jan.2011 8:54:42 AM)

Hello All,

Please i need help. My office has 4 locations in a particular country and all locations have it individual ISA Server. I am running server 2003 sp2 with ISA 2006 sp1. All connections for all offices to the internet looks like this: client machine -> ISA Server -> Internet ISP Router -> Internet.
we are connected perfectly to the internet, all firewall rules i implemented are working fine, but my problem is i cant connect to any computer at any remote office. If i have an issue, maybe a faulty server that requires my attention, i connect like this: My system -> Internet ISP Router -> Branch office -> Server (bypassing the ISA Server and going straight to the ISP Router).
With the above connection, i must have the servers gateway as the ISP Router (bypassing the ISA Server for its location) before i can connect remotely to it.
I need a way of configuring the ISA to enable / allow incoming connections through it or enabling two different branch offices connect to themselves. Can anyone help PLEASE!!!!!!!

paulo.oliveira -> RE: Branch Office Connections!!!! (10.Jan.2011 6:36:38 PM)


you need to create a site-to-site VPN. Search for the website, there are a lot of articles explaning it and telling how to create them.

Paulo Oliveira.

noddles -> RE: Branch Office Connections!!!! (11.Jan.2011 1:51:41 PM)

Hello Paulo.oliveira,

i would like to thank you for pointing me in the right direction. I am really grateful, learnt  a lot from the article. please i am still having problems, i configured everything as directed in the article ( but when i get to the part of inputting the remote network ip address i get an error saying : "Networks cannot contain IP addresses that overlap another network" the IP address i inputted in the address field is - Did i make a mistake? Can you or anyone point me in the right direction?
Please i need HELP!!! [:(]. some of our servers are located at the branch office and our users need access to the servers.

paulo.oliveira -> RE: Branch Office Connections!!!! (11.Jan.2011 4:03:36 PM)


you canīt define two network ranges on two different places (Network objects). If you want assign IPs from internal range to your clients, then you should choose DHCP option (if your ISA version is Standard or have only one Enterprise version).

The other choice you have is to exclude VPN Clients static assignment range from Internal Network definition. For example, your Internal Network range is and you want to allow access to 10 VPN clients (including remote ISA firewalls), you can exclude the following range from Internal Network definition: (one IP will be used by ISA ras interface) and configure it as static range for ISA VPN.

But, I strongly recommend you use DHCP server when possible or use other network range different than your current one.

Paulo Oliveira.

Page: [1]