Solved

ISA filtering/routing

Posted on 2004-10-26
Last Modified: 2010-04-14
My situation is as follows:


Internet --- PIX --- ISA --- LAN


The PIX firewall outside interface is connected to the Internet.
ISA Server 2000 (2000 SBS Server) is connected via crossover cable to PIX inside.
ISA Server 2nd NIC is connected to LAN.
IP address of PIX outside is 1.1.1.2/30
IP address of PIX inside is 192.168.1.1/24
IP address of ISA outside is 192.168.1.2/24
IP address of ISA inside is 10.0.0.1/8
IP address of Terminal Server is 10.0.0.80/8
IP address of VPN client connected to PIX is 192.168.2.0/24

What I need to happen is for a VPN client connected to the PIX (from the Internet) with IP address 192.168.2.x to be able to connect to Terminal Server 10.0.0.80, which is on the other side of the ISA box.

What routing/filtering/other do I need to set up/configure on the ISA box? Essentially what I want to do is to allow traffic from 192.168.2.x on the unsecure interface of the ISA box to be routed to the secure subnet (10.0.0.0) interface without being NAT'ed or anything else.

I am quite proficient at routing/firewall/network config, but an ISA dummy, so concepts are OK, but don't assume I know how to do anything at all in ISA (i.e. step-by-step would be nice). This is something I have inherited; I would choose to do things differently given the option to start again.

Thanks.

Question by:td_miles
    6 Comments
     

    Expert Comment

    by:hanano
    Hi,

    You can't do that with ISA 2000, because it always does NAT and can't route, but in ISA 2004 you can do it.


    Author Comment

    by:td_miles
    OK, if that's the case, what can I do to work around this?


    Expert Comment

    by:hanano
    Can you explain in more detail what you want exactly?


    Author Comment

    by:td_miles
    I want a way for people who are connected to the PIX with the VPN client (and have IP address 192.168.2.x) to be able to connect to Terminal Services on IP 10.0.0.80.

    Between the two lies the ISA server.

    Accepted Solution

    by:
    You should publish your internal terminal server on ISA:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;294720

    Regards


    Author Comment

    by:td_miles
    Managed to get it published finally (had outbound instead of inbound, DOH!).