B2B with a 3rd Party Firewall Terminating Remote Site to Site VPNs (Full Version)






jim.gowans -> B2B with a 3rd Party Firewall Terminating Remote Site to Site VPNs (4.Sep.2003 1:19:00 AM)

On our site we have a Cisco 837 Border Router with two site to site VPNs terminating on it. We have an ISA server behind this in a B2B configuration. All Internet traffic is pushed from the Cisco 837 to the External Interface of the ISA Server. We therefore have both trusted and untrusted site traffic pointing at the external interface of the ISA Server.
Can anyone tell me what would be the best way to allow traffic from the two site to site VPNs through the ISA Server on to the Internal Network, so that our two remote sites can access all the resources on the Internal Network?




spouseele -> RE: B2B with a 3rd Party Firewall Terminating Remote Site to Site VPNs (5.Sep.2003 11:01:00 PM)

Hi Jim,

Because the VPN tunnels are terminated external to ISA server, ISA will consider all inbound traffic as untrusted. So, I think your configuration will not work.

In my opinion the best way is to terminate the VPN tunnels on the inner ISA server. To achieve that, the inner ISA server *must* run on W2003 and you should use L2TP/IPSec with the NAT-T feature as VPN protocol.

HTH,
Stefaan



