Re: Anybody know about VPN with ISA Server between LAN and PIX?

mburnford · ‎10-28-2002

Hello

I think we have a problem getting traffic in the VPN tunnel routed across the ISA Server, but I'm stuck. Can you help please?

The VPN Client3.5 makes a secure tunnel over the Internet with PIX506 (v.6.01) using Cisco VPN, and can ping the server outside interface, but it cannot reach the server inside interface on the LAN.

The server runs ISA Server 2000 between the two network cards, and, even with all IP Packet Filters and Protocol Rules set to allow all traffic, I cannot reach the LAN on the inside of the ISA server.

When the inside interface of the PIX was on the LAN it was all working, but we have added the ISA Server between the LAN and the PIX for easier control - and now SMTP mail in and out, and Internet and ftp out work, but VPN won't work. The PIX configuration is almost the same, still with the clients receiving addresses from the PIX ip local pool. There is no Microsoft VPN set up - I assume all traffic inside the tunnel should be just normal traffic. Routing?

Thanks

Michael Burnford

edadios · ‎10-28-2002

If the ISA server is doing PAT, then that could be the issue. The pix does not yet support vpn clients when there is pat in the middle.

Regards,

mburnford · ‎10-29-2002

Many thanks, but I can't find anything about PAT in the ISA Server. It does talk about server publishing to make internal servers available to outside: maybe I need to look at that!

Regards

Michael