
ISA 2004 & Cisco Firewall ???


  • ISA 2004 & Cisco Firewall ???

    Hello to all!

    Scenario: we have our own server in our office,
    with Windows 2003 standard, two NICS, ADSL connection.
    ISA 2004.

    Aim: our developer (his computer is in our domain) needs to have access to a remote site. The remote site's administrator provided us a CD with the Cisco VPN client software. We installed that CD.
    We can connect to the remote computer (my guess is this is the Cisco firewall IP), but we can't connect to the remote Windows-based server.

    Then I attached normal analog modem to developer's PC, we dialed to internet provider, and we connected to remote windows-based server.

    It is obvious that something should be done on our ISA2004 firewall.

    I don't know much about Cisco firewalls. In our case, I have the following information about the remote network:
    - public IP of firewall
    - internal IP for remote windows-based server
    - username and password for Cisco firewall

    The remote site's administrator included a *.pcf file in the Cisco VPN client distribution directory, so that after installation of that VPN client we already have a connection to the remote server.

    Everything looks like except the only thing: what should be done on our ISA 2004 ?

    Thank you in advance for your help!!!

    Mihail Kravsun

  • #2
    Re: ISA 2004 & Cisco Firewall ???

    Actually I doubt that this has anything to do with ISA, as you do not have any problem establishing the VPN to the remote site.
    The moment the VPN tunnel is established, the data travelling inside is encrypted and ISA can only see the "pipe" but can not look inside it.

    My guess is that this has something to do with either name resolution or routing or colliding IP scopes on both sides (i.e., your LAN uses and the remote site provides IPs from the same scope).
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"
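
The colliding-scope case guessed at in reply #2, as an added example that is not part of the original thread: it checks whether the office LAN and the remote site's networks overlap, and which interface a longest-prefix-match routing table would pick for the remote server. All addresses, interface names and function names are constructed for illustration; the thread gives no real values.

```python
import ipaddress

def colliding_scopes(local_nets, remote_nets):
    """Return every (local, remote) pair of networks whose ranges overlap."""
    pairs = []
    for local in map(ipaddress.ip_network, local_nets):
        for remote in map(ipaddress.ip_network, remote_nets):
            if local.overlaps(remote):
                pairs.append((str(local), str(remote)))
    return pairs

def chosen_route(dest, routes):
    """Longest-prefix match over (network, interface) routes; None if nothing matches."""
    ip = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(net), iface)
               for net, iface in routes
               if ip in ipaddress.ip_network(net)]
    if not matches:
        return None
    # The most specific (longest) prefix wins, as in a normal routing table.
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed sample values (assumptions, not taken from the thread).
OFFICE_LAN = ["192.168.1.0/24"]      # developer's local network
REMOTE_SITE = ["192.168.0.0/16"]     # networks reached through the VPN tunnel
REMOTE_SERVER = "192.168.1.20"       # internal IP of the remote Windows server
ROUTES = [
    ("0.0.0.0/0", "adsl"),           # default route to the Internet
    ("192.168.1.0/24", "lan"),       # on-link office LAN
    ("192.168.0.0/16", "vpn"),       # route installed for the tunnel
]

if __name__ == "__main__":
    for local, remote in colliding_scopes(OFFICE_LAN, REMOTE_SITE):
        print(f"collision: local {local} overlaps remote {remote}")
    iface = chosen_route(REMOTE_SERVER, ROUTES)
    print(f"{REMOTE_SERVER} leaves via '{iface}'")
    if iface != "vpn":
        print("traffic for the remote server never enters the tunnel")
```

With these sample values the tunnel can be up while packets for the remote server stay on the office LAN, which matches the symptom of a working VPN connection and an unreachable server.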


    • #3
      Re: ISA 2004 & Cisco Firewall ???

      Had a similar situation at a client with ISA 2004 (SBS2003 SP1) and CheckPoint SecuRemote.
      I started by reading up here:
      I then created a rule in ISA2004 which said all/all/all could get through to the specific IP of the remote connection (remote firewall). So SecuRemote connected, but he could not RDP to the Win2K3 server although he could ping it. Disabling the ISA FWC (Firewall Client) solved that. I then used the monitoring on ISA 2004 to watch what traffic went through when he connected and made the necessary protocol rules to replace the all/all/all.
      What is left now is to find a script that will automatically disable/enable the FWC when he connects

      Steven Teiger [SBS-MVP(2003-2009)]
      I'm honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

      We don't stop playing because we grow old, we grow old because we stop playing.