isa server 2004 vpn routing

[alpha88]

I'm setting up isa server 2004 and also vpn access. I'm using 10.X.X.X for t
he vpn client IP addresses. On the internal network I'm using 192.168.X.X. S
hould this setup work or do I need to set up some type of routing between th
e 10 network and the 192 network. If so where do I enter this routing inform
aation can I add it to the isa 2004 systems route table?

 

[ChicagoTechNet]

quoted from

http://www.chicagotech.net

Configure Routing to another subnet in ISA for VPN client

Symptom: you create VPN in ISA server and the VPN clients use different IP range from the LAN. For example, the LAN IPs are 10.X.X.X and the VPN client IPs are 192.168.1.X.

Resolution: you need to add routing table entries pointing to the internal interface of the ISA server for the off subnet network ID. You can add these manually, or use a routing protocol such as RIP or OSPF


Robert Lin, MS-MVP, MCSE & CNE
Windows, Network, Internet, VPN, Routing and How to at

http://www.ms-mvps.com

 

[alpha88]

Thanks for the reply so basically after the vpn is established and the vpn client has an ip address of 10.x.x.x. In order for them to communicate with the internal lan I must route 10.x.x.x to the internal lan which is 192.168.1.x in your example. I was under confusion that I had to route the dmz segment into the internal lan than I guess if I did that it would defeat the purpose of the dmz. Since the dmz should actually never touch the lan. Ok this is my last concern and its on interface setup when I set up the isa server 2004 firewall behind a netgear fvs318. So when I designed the lan interface of the isa box I did not set a default gateway but I did set a default gateway on the wan interface of the isa box which was the ip address of th netgear router. Now when I design the interface for the dmz what default gateway should I give it. Sorry if I don't know much about routing.