ISA 2006 VPN to Perimeter with different domain

  • Question

  • Hi,

    We currently have our ISA 2006 array set up with a 3-Leg configuration.

    The ISA servers are joined to the domain on the Internal network (192.168.2.x).

    What I'd like to know is if the following configuration is possible or not; I would like VPN clients (192.168.10.x) to connect to the Perimeter network (192.168.3.x) to utilize resources. The Perimeter network is on a separate, UNTRUSTED domain.

    We currently have VPN clients working to connect to the Internal network resources. I tried changing the Network rule and Firewall rule to allow access to Perimeter instead of Internal network, but as expected this didn't work.

    I assume this is due to the fact that internal resources (DNS, DHCP, File Server etc) are untrusted. Though, noticeably, I can't even Ping.

    Can anyone shed some light?

    Regards,

    James

    Friday, September 24, 2010 8:51 AM

Answers

  • Hi,

    Thank you for the post.

    “What I'd like to know is if the following configuration is possible or not” - Yes, I have tested it successfully in my ISA lab. Please create a network rule as route between Perimeter and VPN Client, and create an access rule to allow traffic (PING) from VPN client to Perimeter.

    Regards,

    Nick Gu - MSFT
    Tuesday, September 28, 2010 6:21 AM
    Moderator