Here's the setup.
ISA2000 server with RRAS running.
The server has two interfaces,
one trusted on internal LAN,
one untrusted with routable address.
Here's what works.
1. all internal PCs can route to internet through ISA server.
2. All external VPN clients can connect through ISA server VPN and access internal PCs.
Here what doesn't work.
1. all external VPN clients cannot route out to the internet through the ISA server while using the VPN.
Here's are several things I have looked into that you all will ask about.
1. In RRAS "Enable this computer as LAN and demand dial router" is ticked.
2. In RRAS both "enable IP Routing" and "Allow IP based remote access and demand dial connections" is ticked.
3. On the VPN client, "Use default Gateway on remote network" is ticked, because we DO want the clients to route through the ISA server for all access while attached to the VPN.
4. Setting the VPN client to be a proxy client to the ISA server internal address for web browsing will not work because we need to route more than just Web traffic through the ISA server. (e.g. DNS for the VPN clients is external.)
Please let me know if you have any ideas how to make this work.
Thanks!
Dana
ISA2000 server with RRAS running.
The server has two interfaces,
one trusted on internal LAN,
one untrusted with routable address.
Here's what works.
1. all internal PCs can route to internet through ISA server.
2. All external VPN clients can connect through ISA server VPN and access internal PCs.
Here what doesn't work.
1. all external VPN clients cannot route out to the internet through the ISA server while using the VPN.
Here's are several things I have looked into that you all will ask about.
1. In RRAS "Enable this computer as LAN and demand dial router" is ticked.
2. In RRAS both "enable IP Routing" and "Allow IP based remote access and demand dial connections" is ticked.
3. On the VPN client, "Use default Gateway on remote network" is ticked, because we DO want the clients to route through the ISA server for all access while attached to the VPN.
4. Setting the VPN client to be a proxy client to the ISA server internal address for web browsing will not work because we need to route more than just Web traffic through the ISA server. (e.g. DNS for the VPN clients is external.)
Please let me know if you have any ideas how to make this work.
Thanks!
Dana