Announcement

Collapse
No announcement yet.

ISA site to site vpn setup

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • ISA site to site vpn setup

    Hi,

    I want to create a SIte 2 Site VPN using ISA 2004. The setup is like this.

    Main Office - ADSL with dynamic IP

    Branch Office - 2 MBPS ADSL line with Dynamic IP.

    Head office

    ISA Server WAN NIC IP - 192.168.2.2
    Subnet Mask - 255.255.255.0
    Gateway - 192.168.2.1
    DNS - Local ISP DNS.

    ISA Server LAN NIC IP - 150.25.25.11
    Subnet Mask - 255.255.255.0
    Gateway - No GW
    we have AD, DNS,DHCP in headoffice

    Remote :

    ISA Server WAN NIC IP - 180.10.10.62

    Subnet Mask - 255.255.255.0
    Gateway - 180.10.10.1
    DNS - Local ISP DNS.

    ISA Server LAN NIC IP - 160.10.10.15
    Subnet Mask - 255.255.255.0
    Gateway - No GW

    Is it possible to do site to site with ISA 2004 , with 2 dynamic IPsand possible to ping and access 160.10.10.0 network with 150.25.25.0

  • #2
    Re: ISA site to site vpn setup

    Yes, it's doable, although I'd setup dyndns or similar for each site to make things a bit easier.

    Firstly though, remove the ISP DNS settings from your WAN NICs. You shouldn't have DNS settings on the WAN card at all, and if you absolutely insist that you must then use the internal DNS servers.

    Also, is there a reason you are using public IPs on your internal networks?

    Anyway, leaving that aside, ISA has wizards for creating site-to-site VPNs. You can use PPTP, L2TP or IPSEC (I think) and what protocols are allowed between sites depends on the access rules you configure. I normally use PPTP for simplicity and basically all you need to put in is the remote address (IP or DNS name) of the site you are connecting to and the subnet and mask that is used there. ISA automatically adds the routes in.

    Here's the technet guide, make sure as well after you finish that you go into RRAS and tell the VPNs not to register in DNS as you don't want mutiple DNS entries for your servers.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    sigpic
    Cruachan's Blog

    Comment

    Working...
    X