Jeff,
Thanks for your feedback, but the issue when I do this is the following;
When I add the 192.168.10.0/24 network to the internal network every
packet comming from the p-vpn users gets dropped by the isa server with
the message "Spoofing"... :(
Isa 2004 does not like addresses defined in the internal range to show
up on external interfaces... apparently.
Bart
________________________________
From: Jeff Pricher [mailto:jeffpricher@yahoo.com]
Sent: woensdag 10 mei 2006 15:23
To: Mollemans, Bart
Cc: firewalls@securityfocus.com
Subject: Re: ISA 2004 issue
You will need to add a persistent route statement for the
192.168.10.0/24 network. route ADD 192.168.10.0 MASK 255.255.255.0
your_gatway_for_192_168.10
You will also need to open ISA server manager and add
192.168.10.0-192.168.10.255 to the Addresses tab on the Internal
interface. Finally make sure you have a Firewall Policy to allow traffic
from that network out the firewall.
Hope this helps.
Jeff Pricher
"Mollemans, Bart" <bart.mollemans@getronics.com> wrote:
Dear all,
I'm in dire need of some help in a precarious isa-proxy matter.
Allow me to skip to the point;
The network set-up is as follows:
Internet
|
Switch
/ / \
Vpnc Isa Server
|
Lan Switch
The users who authenticate on the vpnc get 192.168.10.0/24
addresses.
The lan users have the 10.1.0.0/24 range.
The isa server has 10.1.0.1 as address on his internal interface
and a
public address on his external interface.
Now The p-vpn users need to use the isa server as IE proxy
server. (Yes
they have to, company policy does not allow them to use their
laptops
with any other proxy server :(, sigh )
Unfortunately I tried everything but to go crazy, to have the
isa server
allow this functionality. Now when a pvpn connected client opens
a
connection to the isa-server port 8080 he gets an OPEN but
whatever we
try the connection closed instantly...
Any idea's are greatly appreciated!
Kind regards,
Bart
