We have a off-site "backup" web server that is being hosted by another company and is connected directly to the internet (not using a NAT router). Our corporate network is behind an ISA 2004 firewall/gateway. I need to set up an IPSec connection between the remote server and at least one server in our internal network so that we can securely transmit data between our network and the remote server.
I have tried setting up a VPN connection to the ISA from the remote server, but I only want communication between the two networks secured; regular internet traffic to/from the server does not need to go through the ISA. I just want IPSec without NAT.
Can I / how do I set up a direct IPSec connection between the two networks? Do I set up the connection between the ISA gateway and the remote server, or can I do it for specific internal servers? All servers are running Windows Server 2003 Standard.
I know this is a pretty broad question, so I don't expect detailed step-by-step answers, just some key points to set up and pitfalls to look for.