• Status: Solved

ISA filtering/routing

My situation is as follows:


Internet --- PIX --- ISA --- LAN


The PIX firewall outside interface is connected to the Internet.
ISA Server 2000 (2000 SBS Server) is connected via crossover cable to PIX inside.
ISA Server 2nd NIC is connected to LAN.
IP address of PIX outside is 1.1.1.2/30
IP address of PIX inside is 192.168.1.1/24
IP address of ISA outside is 192.168.1.2/24
IP address of ISA inside is 10.0.0.1/8
IP address of Terminal Server is 10.0.0.80/8
IP address of VPN client connected to PIX is 192.168.2.0/24

What I need to happen is for a VPN client connected to the PIX (from the Internet) with IP address 192.168.2.x to be able to connect to Terminal Server 10.0.0.80, which is on the other side of the ISA box.

What routing/filtering/other do I need to set up/configure on the ISA box? Essentially, what I want to do is to allow traffic from 192.168.2.x on the unsecure interface of the ISA box to be routed to the secure subnet (10.0.0.0) interface without being NAT'ed or anything else.

I am quite proficient at routing/firewall/network config, but an ISA dummy, so concepts are OK, but don't assume I know how to do anything at all in ISA (i.e. step-by-step would be nice). This is something I have inherited; I would choose to do things differently given the option to start again.

Thanks.

Asked by: td_miles
 
hanano Commented:
Hi,

You can't do that with ISA 2000, because it always does NATing and can't route, but in ISA 2004 you can do it.
 
td_miles (Author) Commented:
OK, if that's the case, what can I do to work around this?
 
hanano Commented:
Can you explain in more detail what exactly you want?
 
td_miles (Author) Commented:
I want a way for people who are connected to the PIX with the VPN client (and have IP address 192.168.2.x) to be able to connect to Terminal Services on IP 10.0.0.80.

Between the two lies the ISA server.
 
hanano Commented:
You should publish your internal terminal server on ISA:
http://support.microsoft.com/default.aspx?scid=kb;en-us;294720

Regards
 
td_miles (Author) Commented:
Managed to get it published finally (had outbound instead of inbound, DOH!).