IPSEC rules & filters ???

IPSEC rules & filters ??? - 26.Nov.2001 3:15:00 PM   
Howto

 

Hello,

I'm currently trying to establish an IPSec connection using Kerberos through an ISA server from a server in the LAN to a server in the DMZ.

IP DMZ server : 10.10.15.10

IP1 ISA server : 10.10.15.1
IP2 ISA server : 10.10.1.1

IP LAN server : 10.10.1.2

Which filters/rules need to be set up to allow the IPSec communication?

Post #: 1
RE: IPSEC rules & filters ??? - 26.Nov.2001 9:40:00 PM   
tshinder

 

Hi Howto,

AH and Kerberos won't work through the NAT. So, this configuration cannot work with ISA Server with a client on the LAT.

HTH,
Tom

------------------
http://www.isaserver.org/shinder/




(in reply to Howto)
Post #: 2
RE: IPSEC rules & filters ??? - 26.Nov.2001 10:15:00 PM   
Grand11

 

Although you can't NAT IPSEC or Kerberos through the ISA server, there's no reason you can't route it.

Under Access policy right click and go into the properties of IP Packet Filters. Then enable both Packet filtering AND IP routing with intrusion detection. Then hop over to the PPTP tab and select "PPTP through firewall". When you leave the screen the appropriate filter will be automatically created to allow PPTP. With that out of the way simply open up the necessary Kerberos ports (good idea to lock down source and destination as opposed to any/any) and you're done.

On the servers on either side of the internal ISA, either set your default gateway to the ISA server or add a static route to it. Lastly, review any name resolution issues you might have and you're done.

End result? PPTP connections through the internal ISA to a VPN server. A nice way to control who can manage boxes in your DMZ.


(in reply to Howto)
Post #: 3
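Why the two replies above come out differently for AH, as an added example that is not part of the original thread: the AH integrity check value (ICV) covers the IP source and destination addresses but not the TTL or header checksum, so a routed hop leaves it valid while a NAT rewrite of the source does not. The key, SPI, sequence number and payload are constructed sample values; the addresses are the ones from the first post, and the ICV is HMAC-SHA1-96 with the mutable IPv4 fields zeroed as in RFC 4302.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed SA key, sample value only

def ipv4_header(src, dst, ttl, payload_len, proto=51):
    """20-byte IPv4 header (protocol 51 = AH); checksum left 0 for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def ah_icv(ip_hdr, ah_hdr, payload, key=KEY):
    """HMAC-SHA1-96 over IP header (mutable fields zeroed) + AH + payload."""
    h = bytearray(ip_hdr)
    h[1] = 0            # TOS/DSCP: mutable in transit
    h[6:8] = b"\0\0"    # flags + fragment offset: mutable
    h[8] = 0            # TTL: mutable
    h[10:12] = b"\0\0"  # header checksum: mutable
    # source (bytes 12-15) and destination (16-19) stay in the digest
    return hmac.new(key, bytes(h) + ah_hdr + payload, hashlib.sha1).digest()[:12]

def forward(ip_hdr, new_src=None):
    """Model one hop: always decrement TTL; rewrite source only when NATing."""
    h = bytearray(ip_hdr)
    h[8] -= 1
    if new_src:
        h[12:16] = socket.inet_aton(new_src)
    return bytes(h)

def receiver_accepts(ip_hdr, ah_hdr, payload, icv):
    return hmac.compare_digest(ah_icv(ip_hdr, ah_hdr, payload), icv)

def demo():
    # AH header: next=TCP(6), len=4, reserved, SPI, sequence, zeroed ICV field
    ah = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1) + bytes(12)
    data = b"constructed payload"
    sent = ipv4_header("10.10.1.2", "10.10.15.10", 128, len(ah) + len(data))
    icv = ah_icv(sent, ah, data)
    routed = forward(sent)                        # ISA routes the packet
    natted = forward(sent, new_src="10.10.15.1")  # ISA NATs to its DMZ address
    return (receiver_accepts(routed, ah, data, icv),
            receiver_accepts(natted, ah, data, icv))

if __name__ == "__main__":
    print("routed accepted: %s, NATed accepted: %s" % demo())
```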
