Had this working fine in ISA 2000 with a static route, but am drawing a blank in ISA 2004.       

 

SBS 2003 Prem w/ISA 2004 SP2 is 10.0.0.2, Cisco 3002 has internal interface 10.0.0.45 and external 65.123.x.x. that is plugged directly into router.

 

I have created a persistent static route, route add -p 206.44.x.x  MASK 255.255.255.255 10.0.0.45 METRIC 1, which was all I needed to get it to work in ISA 2000. I have attempted to create new network with 206.44.x.x, a new computer as 206.44.x.x, created new network rules to route traffic between networks and between conmputers, and created new access rules all to no avail.

 

Anyone gotten one of these to work with ISA 2004?

 

Thanks,

 

Doug

Hi Doug,

 

Did you figure this out yet?

No Marina, I have not figured this out yet.

 

I've resorted to using the Cisco VPN client on laptops that are running on a separate DSL circuit, completely bypassing SBS2003 and ISA2004 SP2.

 

If anyone has any insight at all I'd be most grateful.

 

Thanks,

 

Doug

Hi Doug,

 

Why do you need the Cisco VPN client?

Marina,

 

Using the Cisco client as a workaround to this problem. I cannot get the Cisco 3002 or the Cisco VPN client to get past ISA 2004 so I'm using the Cisco VPN client on a separate DSL circuit that does not traverse SBS or ISA.

 

Attached files as requested: ipconfigserver.txt is SBS2003 and ipconfigws.txt is a workstation

 

Appreciate any help you can offer,

 

Doug

Hi Doug,

 

Ipconfigs are looking good, although you can delete the WINS on the external server nic. I don't understand your setup with the other DSL, nor why you would need to add a static route. If you have run the RRAS wizard and forwarded 1723 and GRE protocol 47 from the router, you should be able to use VPN.

Marina,

 

Actually forgot that this was still open. I consulted with Amy Babinchak, an ISA guru, back in mid October and while she got me looking in the right direction it turned out NOT to be an ISA issue at all.

 

We are not originating or terminating the VPN at the SBS box. The Cisco 3002 does that all by it self. It has an external NIC (216.xxx.xxx.2) to get to the client network and an internal NIC (10.0.0.45) for us to get from our network to the 3002 and then on to the client network.

 

The solution was a persistent static route on the workstations that needed to get out through the Cisco 3002 (10.0.0.45) to the client server(216.xxx.xxx.3) AND an entry for the destination server(216.xxx.xxx.3) on the other end of the VPN in the workstations localLAT.txt to bypass the Firewall Client for ISA which I found here. Nothing touches the ISA Server in or out.

 

The DSL circuit is outside and completely separate from our SBS network. Using it with the Cisco VPN client was the only way we could get our work done until we came up with this fix.

 

Thanks for continuing to look at this, but I believe we can call this one solved-Doug