I have a problem with an ISA Server IPSec site-to-site VPN tunnel.
We have Site A (with ISA-A), which has two internal networks A1 and A2, and Site B (with ISA-B), which has one internal network B1.
There is an IPSec VPN tunnel between the primary IP of ISA-A and ISA-B which allows for traffic between A1 and B1.
In A2 are numerous servers which ISA-A published to the Internet on other IP addresses that are not the ISA endpoint.
Now I have the problem that I am unable to accomplish all of the following things:
- A1 and B1 can communicate using HTTP (Web Browser). (RDP, PING, and other protocols are never a problem)
- Clients in B1 can access the published web servers (HTTP or HTTPS) on their external IP addresses which are non-primary IPs.
In various configurations I achieved more or less satisfactory results, but at no point was everything accomplished.
In network B1 both Firewall Clients and Web Browser clients are in use.
I tried the following solutions with different results:
- Terminated the endpoints on different IP addresses, but after that HTTP communication through the VPN tunnel was not possible. Described in http://support.microsoft.com/kb/885351/en-us
- Excluded the IP addresses and domain names of A1 in the proxy settings of ISA-B for the B1 network. No help at all.
- Defined a protocol (HTTP No-Proxy) with TCP port 80 and the Web Proxy Filter not bound to it. I put an allow rule for this protocol between A1 and B1 in the firewall policy. Changed nothing.
- Excluded the ISA external IP addresses from the VPN configuration. (This allows for HTTPS communication between A1 and B1 and allows access to A2 while the VPN is on the primary IPs.)
I hope someone has an idea what else I can try.