ISA 2006 DMZ and VPN Problem
Tuesday, May 29, 2012 3:03 PM
Hello folks,
I have an ISA 2006 problem, and I hope you can help me.
First, my config; you can see my network config on this screen.
I have an ISA 2006 SP1 and a DMZ on the ISA,
and I have an S2S IPsec VPN to an outer location.
In the DMZ network is an MS IIS 6 web server that hosts a lot of websites.
-------------------------------------------
Internet
|
Router
|
ISA 2006 Server
|-------DMZ 172.x.x.x
|
LAN 192.x.x.x
-------------------------------------------
Now my problem: I cannot connect to the website in the DMZ from the S2S VPN location.
All websites in this location work fine (www.google.com ...),
but all websites in the DMZ don't work.
The VPN location does not go over the VPN to the website; it goes over the Internet.
I want the location to go over the Internet to the website.
When I delete the VPN rule, the location can access the website in the DMZ.
Does anyone have an idea what is wrong with my config?
Best regards,
Edmund
Kind regards, Edmund Jung, System Engineer, KUMAtronik GmbH, 86153 Augsburg, Tel: +49 (0)170 3325 843, edmund.jung@kumatronik.de, http://www.kumatronik.de. If you need quick help, you are welcome to use my telephone support service (invoiced).
All Replies
Friday, September 28, 2012 8:41 PM
CAUSE:
The following configurations are not supported in ISA Server 2004, in ISA Server 2006, or in Microsoft Forefront Threat Management Gateway, Medium Business Edition:
- Network address translation (NAT) cannot be used as part of the connection between an internal network and a remote site network. Network traffic that is initiated from an internal network to a remote site network will not connect as expected.
- A Web Proxy cannot be used as part of the connection between an internal network and a remote site network.
HTTP traffic can be enabled by defining a new protocol that is not configured for the Web Proxy application filter. For example, define a new protocol named HTTP1. Use the new protocol in a rule that enables HTTP traffic to the specific remote site network. If multiple IPsec remote site networks require NAT/HTTP functionality, use a dedicated network adaptor for each remote site network. Use the primary IP address on the network adaptor as the local endpoint.
For more information about how to create a protocol definition on ISA Server 2004 and on ISA Server 2006, visit the "To create a protocol definition" Web page on the following Microsoft Web site:
RESOLUTION:
http://technet.microsoft.com/en-us/library/bb838964.aspx
For more information about how to create a protocol definition on Microsoft Forefront Threat Management Gateway, Medium Business Edition, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/cc441512.aspx
============================================================
- Proposed As Answer by Namrata Thorve Friday, September 28, 2012 8:41 PM

