Posted on 2004-10-26
My situation is as follows:
Internet --- PIX --- ISA --- LAN
The PIX firewall outside interface is connected to the Internet.
ISA Server 2000 (2000 SBS Server) is connected via crossover cable to PIX inside.
ISA Server 2nd NIC is connected to LAN.
IP address of PIX outside is 188.8.131.52/30
IP address of PIX inside is 192.168.1.1/24
IP address of ISA outside is 192.168.1.2/24
IP address of ISA inside is 10.0.0.1/8
IP address of Terminal Server is 10.0.0.80/8
IP address of VPN client connected to PIX is 192.168.2.0/24
What I need to happen is for a VPN client connected to the PIX (from the Internet) with IP address 192.168.2.x to be able to connect to Terminal Server 10.0.0.80, which is on the other side of the ISA box.
What routing/filtering/other do I need to set up/configure on the ISA box? Essentially what I want to do is to allow traffic from 192.168.2.x on the unsecure interface of the ISA box to be routed to the secure subnet (10.0.0.0) interface without being NAT'ed or anything else.
I am quite proficient at routing/firewall/network config, but an ISA dummy, so concepts are OK, but don't assume I know how to do anything at all in ISA (i.e. step-by-step would be nice). This is something I have inherited; I would choose to do things differently given the option to start again.