
Help with Cisco PIX and ISA server configuration problem

Posts: n/a

I have tried to ask this on ISA server newsgroups but I didn't get a
response that would satisfy me.

I have a network with Cisco PIX and Microsoft ISA server in a so-called
back-to-back configuration. That is:

LAN->ISA server->DMZ->PIX->Cisco router->internet

I have three subnets:
1. LAN and internal interface of ISA server
2. DMZ with web/mail servers, the external interface of ISA Server and
internal interface of PIX firewall
3. The external interface of PIX firewall and internal interface of
Cisco router

Since the connection to the internet is only 256kbps, I am planning to
install ADSL to serve my outbound Internet connection for my LAN users
(through the internal ISA server of course) and I was thinking to do it
by installing the third interface on the ISA server that would be
connected to ADSL router.

The problem is that I am currently using the ISA server as my VPN
server. By installing the third interface on the ISA and setting ADSL
router as the default gateway my VPN traffic will be lost because it
won't return to the PIX (ISA server can have only one default gateway
and that is ADSL router).

So I am thinking about enabling bi-directional NAT on the PIX so that all the
VPN traffic that comes to the ISA server can be returned to the PIX by
using the static route (VPN traffic will be NATed and have the PIX
internal address as the source address).

Is it possible?? Is it a good way? I know it can be solved by some
software or separate router but I can't afford anything more than third
network interface on the ISA server.

I was also thinking about terminating VPN on the PIX (the current PIX
software supports it) and doing the AD authentication by RADIUS server
installed on ISA server. Is it any better and possible?

Thanks very much, I would really appreciate any help.


dejan gambin
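
The return-path problem and the source-NAT idea from the question above, modelled as a routing-table lookup on the ISA server. This is an added example, not part of the original thread; every address and interface name in it is a constructed assumption.

```python
import ipaddress

# Constructed addressing (assumed, not taken from the post).
PIX_INSIDE = "192.168.2.1"    # PIX internal interface, inside the DMZ subnet
VPN_CLIENT = "203.0.113.50"   # remote VPN client on the Internet

# ISA routing table after adding the ADSL interface: (prefix, interface, gateway)
ISA_ROUTES = [
    ("192.168.1.0/24", "lan",  None),           # connected: LAN
    ("192.168.2.0/24", "dmz",  None),           # connected: DMZ (PIX lives here)
    ("192.168.3.0/24", "adsl", None),           # connected: ADSL segment
    ("0.0.0.0/0",      "adsl", "192.168.3.1"),  # the single default gateway
]

def lookup(routes, dst):
    """Longest-prefix match, the way an IP stack selects a route."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not hits:
        raise LookupError(f"no route to {dst}")
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)

def reply_interface(routes, client_ip, pix_source_nat):
    """Interface ISA uses to answer a VPN packet that arrived from the PIX.

    With source NAT on the PIX, ISA sees the PIX inside address as the
    peer, so the connected DMZ route beats the default route.
    """
    seen_source = PIX_INSIDE if pix_source_nat else client_ip
    return lookup(routes, seen_source)[1]

def reply_returns_to_pix(routes, client_ip, pix_source_nat):
    """True when the reply leaves on the DMZ side, where the PIX is."""
    return reply_interface(routes, client_ip, pix_source_nat) == "dmz"

if __name__ == "__main__":
    for nat in (False, True):
        print(f"PIX source NAT={nat}: reply leaves via",
              reply_interface(ISA_ROUTES, VPN_CLIENT, nat))
```

With source NAT in place, every VPN client appears to the ISA server as the PIX inside address, so ISA logs and per-client rules can no longer distinguish clients by their real source IP.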

Posts: n/a
I think enabling VPN on the PIX is better; doing this can resolve your
