Gateway to gateway VPN SBS ISA firewall

ahayes1ic · 10-20-2006, 02:29 AM

I intend to setup a gateway to gateway VPN using 2 DG834G ADSL routers to connect a remote and local site. The local site currently has a windows SBS 2003 server with ISA installed as the firewall for the internal network and the remote site is just a bunch of clients.

localclients --> ISA Firewall -->gatewayA --> internet --> gatewayB --> remoteclients

local clients have subnet 192.168.10.0 and remote clients have subnet 192.168.1.0

How do I allow local traffic from both sites through the ISA firewall while still protecting external traffic?

In this scenario is the ISA firewall needed at all?

Should I unstall it and rely on the gateway firewall?

It is such a comprehensive firewall and it would be a shame to uninstall if that is the case.

Any suggestions?

ahayes1ic · 10-20-2006, 04:34 PM

Should I setup the gateway on the local side to pass traffic through to the ISA firewall like a DMZ but how do I setup ISA to allow a whole subnet access?

Do I then implement a firewall policy or a firewall filter or a static route in the routing and remote access server? Or maybe something else??

whardman · 10-21-2006, 06:57 AM

To do a gateway to gateway vpn, it would be best to have another ISA server on the remote side, and have a DMZ with the firewall turned off on the router.

Another option would be to have another server on the remote side (no ISA) that connects to the ISA server on the local side. Gateway-A with DMZ to isa server, no firewall.

There shouldn't be any need for a static route or firewall filter. (That I know of)

10-20-2006, 02:29 AM	#1 (permalink)
ahayes1ic Registered User Join Date: Jun 2003 Posts: 5 OS: Win XP Pro	Gateway to gateway VPN SBS ISA firewall I intend to setup a gateway to gateway VPN using 2 DG834G ADSL routers to connect a remote and local site. The local site currently has a windows SBS 2003 server with ISA installed as the firewall for the internal network and the remote site is just a bunch of clients. localclients --> ISA Firewall -->gatewayA --> internet --> gatewayB --> remoteclients local clients have subnet 192.168.10.0 and remote clients have subnet 192.168.1.0 How do I allow local traffic from both sites through the ISA firewall while still protecting external traffic? In this scenario is the ISA firewall needed at all? Should I unstall it and rely on the gateway firewall? It is such a comprehensive firewall and it would be a shame to uninstall if that is the case. Any suggestions?

10-20-2006, 04:34 PM	#2 (permalink)
ahayes1ic Registered User Join Date: Jun 2003 Posts: 5 OS: Win XP Pro	Should I setup the gateway on the local side to pass traffic through to the ISA firewall like a DMZ but how do I setup ISA to allow a whole subnet access? Do I then implement a firewall policy or a firewall filter or a static route in the routing and remote access server? Or maybe something else??

10-21-2006, 06:57 AM	#3 (permalink)
whardman Registered User Join Date: Jun 2006 Location: Cincinnati, Ohio Posts: 617 OS: Windows XP My System	To do a gateway to gateway vpn, it would be best to have another ISA server on the remote side, and have a DMZ with the firewall turned off on the router. Another option would be to have another server on the remote side (no ISA) that connects to the ISA server on the local side. Gateway-A with DMZ to isa server, no firewall. There shouldn't be any need for a static route or firewall filter. (That I know of)