Help with Cisco PIX and ISA server configuration problem

Discussion in 'Cisco' started by Dejan, Aug 17, 2005.

  1. Dejan

    Dejan Guest


    I have tried to ask this on ISA server newsgroups but I didn't get a
    response that would satisfy me.

    I have a network with Cisco PIX and Microsoft ISA server in a so-called
    back-to-back configuration. That is:

    LAN->ISA server->DMZ->PIX->Cisco router->internet

    I have three subnets:
    1. LAN and internal interface of ISA server
    2. DMZ with web/mail servers, the external interface of ISA Server and
    internal interface of PIX firewall
    3. The external interface of PIX firewall and internal interface of
    Cisco router

    Since the connection to the internet is only 256kbps, I am planning to
    install ADSL to serve my outbound Internet connection for my LAN users
    (through the internal ISA server of course) and I was thinking to do it
    by installing the third interface on the ISA server that would be
    connected to ADSL router.

    The problem is that I am currently using the ISA server as my VPN
    server. By installing the third interface on the ISA and setting ADSL
    router as the default gateway my VPN traffic will be lost because it
    won't return to the PIX (ISA server can have only one default gateway
    and that is ADSL router).

    So I am thinking about enabling bi-directional NAT on the PIX so that all
    the VPN traffic that comes to ISA server can be returned to the PIX by
    using the static route (VPN traffic will be NATed and have the PIX
    internal address as the source address).

    Is it possible?? Is it a good way? I know it can be solved by some
    software or separate router but I can't afford anything more than third
    network interface on the ISA server.

    I was also thinking about terminating VPN on the PIX (the current PIX
    software supports it) and doing the AD authentication by RADIUS server
    installed on ISA server. Is it any better and possible?

    Thanks very much, I would really appreciate any help.


    dejan gambin
    Dejan, Aug 17, 2005
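
Added example, not part of the original post: a small Python model of the ISA server's route lookup, showing why replies to VPN clients leave via the ADSL default gateway and how source NAT on the PIX (or a static route for a known client prefix, which goes slightly beyond the post) brings them back to the PIX. All addresses, prefixes and interface names are constructed assumptions.

```python
import ipaddress

# All addresses and interface names below are constructed for illustration.
PIX_INSIDE = "10.0.0.1"       # PIX inside interface, on the DMZ subnet
VPN_CLIENT = "203.0.113.50"   # remote VPN client on the Internet

def route(prefix, iface, gateway=None):
    return (ipaddress.ip_network(prefix), iface, gateway)

# ISA server routing table after the third (ADSL) interface is added.
ISA_ROUTES = [
    route("192.168.1.0/24", "lan"),
    route("10.0.0.0/24", "dmz"),
    route("192.168.2.0/24", "adsl"),
    route("0.0.0.0/0", "adsl", "192.168.2.1"),  # the single default gateway
]

def next_hop(routes, dst):
    """Longest-prefix match, as an IP stack performs it."""
    addr = ipaddress.ip_address(dst)
    _, iface, gateway = max((r for r in routes if addr in r[0]),
                            key=lambda r: r[0].prefixlen)
    return iface, gateway

def reply_path(routes, seen_source):
    """Where ISA sends a reply to the source address it saw on a VPN packet."""
    iface, gateway = next_hop(routes, seen_source)
    via_pix = iface == "dmz" and (gateway or seen_source) == PIX_INSIDE
    return {"iface": iface, "gateway": gateway, "returns_via_pix": via_pix}

if __name__ == "__main__":
    static = ISA_ROUTES + [route("203.0.113.0/24", "dmz", PIX_INSIDE)]
    cases = {
        "no NAT, default route only": reply_path(ISA_ROUTES, VPN_CLIENT),
        "PIX source-NATs to inside address": reply_path(ISA_ROUTES, PIX_INSIDE),
        "no NAT, static route for client prefix": reply_path(static, VPN_CLIENT),
    }
    for name, result in cases.items():
        print(f"{name}: {result}")
```

With source NAT on the PIX, the ISA server sees and logs every VPN session as coming from the PIX inside address rather than the client's real address.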

  2. Guest

    I think enabling VPN on the PIX is better; doing this can resolve your
    , Aug 17, 2005