VPN site-to-site ipsec.Branch office access to internet

[pviqueira]

Hello,

I have configured a VPN site-to-site (ipsec) betwen ISA 2006 and a router in a branch office and the connection is established.
Now, I need that my branch office get access to internet through ISA 2006 passing through the VPN tunnel.

This picture describe my network:

http://www.flickr.com/photos/12345157@N07/1441339869/

I cofigured:

1º Created by the ISA wizard:
* Network VPN site-to site ipsec.
* Network rule type route. Branch office - Internal Network
*Access roule:
Allow
branch office internal
--------------------
internal branch office

2º Created by me

* Network rule type NAT. Branch office-External
*Access roule:
Allow
Branch office ---------------External

But I can`t get internet access from the branch office to internet (external).
I need to get access from branch office to internet directly without using proxy web.


Any idea?

Thanks
Pablo

 

[firthm]

I think you also need an Allow Branch Office > Internet rule? Doesn't it differentiate between Ext/Internet...?

Also might need to add a static route to your VPN router at branch office telling it to forward everything (0.0.0.0) to your ISA server.

Mike

Michael Firth
DIY MCSE

http://www.diymcse.com

~If it's not broke, break it and LEARN~

 

[pviqueira]

Thaks Mike,

I have an access rule from branch office to internet(external) an a default route through the tunnel (all traffic goes through the tunnel).

*Access roule:
Allow
Branch office ---------------External