ISA filtering/routing

My situation is as follows:


Internet --- PIX --- ISA --- LAN


The PIX firewall outside interface is connected to the Internet.
ISA Server 2000 (2000 SBS Server) is connected via crossover cable to PIX inside.
ISA Server 2nd NIC is connected to LAN.
IP address of PIX outside is 1.1.1.2/30
IP address of PIX inside is 192.168.1.1/24
IP address of ISA outside is 192.168.1.2/24
IP address of ISA inside is 10.0.0.1/8
IP address of Terminal Server is 10.0.0.80/8
IP address of VPN client connected to PIX is 192.168.2.0/24

What I need to happen is for a VPN client connected to the PIX (from the Internet) with IP address 192.168.2.x to be able to connect to Terminal Server 10.0.0.80, which is on the other side of the ISA box.

What routing/filtering/other do I need to set up/configure on the ISA box? Essentially what I want to do is to allow traffic from 192.168.2.x on the unsecure interface of the ISA box to be routed to the secure subnet (10.0.0.0) interface without being NAT'ed or anything else.

I am quite proficient at routing/firewall/network config, but an ISA dummy, so concepts are OK, but don't assume I know how to do anything at all in ISA (i.e. step-by-step would be nice). This is something I have inherited; I would choose to do things differently given the option to start again.

Thanks.

td_miles Asked:

hanano Commented:
Hi,

You can't do that with ISA 2000, because it always does NAT and can't route, but in ISA 2004 you can do it.
td_miles Author Commented:
OK, if that's the case, what can I do to work around this?
hanano Commented:
Can you explain in more detail what you want exactly?
td_miles Author Commented:
I want a way for people who are connected to the PIX with the VPN client (and have IP address 192.168.2.x) to be able to connect to Terminal Services on IP 10.0.0.80.

Between the two lies the ISA server.
hanano Commented:
You should publish your internal terminal server on ISA:
http://support.microsoft.com/default.aspx?scid=kb;en-us;294720

Regards
td_miles Author Commented:
Managed to get it published finally (had outbound instead of inbound, DOH!).
Windows 2000


Question has a verified solution.
