• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Site to Site VPN between ISA 2006 and Cisco

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Branch Office >> Site to Site VPN between ISA 2006 and Cisco Page: [1]
Login
Message << Older Topic   Newer Topic >>
Site to Site VPN between ISA 2006 and Cisco - 26.May2011 8:09:23 AM   
stiansaeten

 

Posts: 3
Joined: 30.Jun.2010
Status: offline
Hi

We are about to install a IPSec tunnel between HQ and a branch office. We have two ISA Servers 2006 with NLB at HQ, but want to install a Cisco at the branch office. We have contacted a Cisco reseller and they don't recommend that we use our ISA server for VPN, and recommend that we set up a Cisco ASA 5505 at HQ and Cisco 881W in the branch office.

Is there any known problem with combining ISA and Cisco VPN?
Post #: 1
RE: Site to Site VPN between ISA 2006 and Cisco - 27.May2011 2:17:59 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
No there is no problem.  They just want to sell you more firewalls.
If you call MS they would try to sell you another ISA and tell you not to use the ASA,...that is how the game works.

The NLB won't apply to the VPN as far as I know.  I think you just have to pick one of the ISAs and use it to create the VPN with the ASA.

_____________________________

Phillip Windell

(in reply to stiansaeten)
Post #: 2
RE: Site to Site VPN between ISA 2006 and Cisco - 31.May2011 5:06:55 AM   
stiansaeten

 

Posts: 3
Joined: 30.Jun.2010
Status: offline
Thank you for the response. This is what I suspected.
I have already contacted another reseller because I didn't trust them. :)

(in reply to pwindell)
Post #: 3
RE: Site to Site VPN between ISA 2006 and Cisco - 6.Jun.2011 11:37:38 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Phillip,

If I am not mistaken, if the "primary" VPN server is down, then other server in the array assume the connections.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to pwindell)
Post #: 4
RE: Site to Site VPN between ISA 2006 and Cisco - 6.Jun.2011 11:59:31 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
I don't mess with any arrays myself, but I'm sure there were some issues there with NLB -vs- VPNs.  If a Site-to-Site it may reinitialize and connect to the other server but it probably uses the actual IP# and not the VIP.

If it is an incoming Remote Access VPN then I really don't know.  I think there might be an article on the site here somewhere about it,..I'm sure I read something along those lines. But I can't remember any real details.  I know that this whole subject has been one of the more obscure things about the product to try to understand.

_____________________________

Phillip Windell

(in reply to paulo.oliveira)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Branch Office >> Site to Site VPN between ISA 2006 and Cisco Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts