Hi,
I have a simple SBS 2003 Premium setup scenario with 2 NICs, ISA and a router.
The internal NIC is assigned an internal IP: 192.168.16.2 (the internal subnet is 192.168.16.0/24).
The external NIC is assigned an external static IP: 212.199.11.242.
I need to set up a site-to-site IPsec VPN tunnel with a remote site (192.168.10.0/24). Keeping in mind that ISA can do IPsec VPN tunnels, I went ahead with the approach of having ISA do the VPN (the remote site is using an IPsec VPN router device).
Now, all of this was working fine when access was needed between clients on the internal network and remote clients.
But... it makes perfect sense that the SBS server should have access to the remote site as well, doesn't it? And here lies the problem with running ISA on the same machine as your DC and Exchange server. Why is it a problem? Because when the SBS server tries to reach a computer on the remote subnet (192.168.10.0/24), it uses the external NIC, which then invalidates the source address for the VPN tunnel (the external NIC is used because there is no gateway set on the internal NIC). The remote site's VPN router is expecting VPN traffic from an IP in the 192.168.16.0/24 subnet, but it is now receiving packets from an external IP address (212.199.11.242), and so they are being dropped.
Is there any solution to this problem?
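Added example (not part of the original post, and not ISA's own code): a small Python model of the source-address selection the question describes. It builds the SBS host's routing table from the addresses in the post, does the same longest-prefix lookup the IP stack does, and then checks the chosen source address against the site-to-site IPsec traffic selector (192.168.16.0/24 to 192.168.10.0/24). It shows why a LAN client's packets match the selector while the server's own packets leave with 212.199.11.242 and do not. The interface names, the external /29 mask, and the "pin the remote subnet to the internal NIC" route in `with_remote_route()` are assumptions made for illustration, not a verified ISA fix.

```python
import ipaddress
from typing import List, Tuple

# --- Constructed from the post's addresses (external mask is an assumption) ---
INTERNAL_IP = ipaddress.IPv4Address("192.168.16.2")
EXTERNAL_IP = ipaddress.IPv4Address("212.199.11.242")
LOCAL_SITE = ipaddress.IPv4Network("192.168.16.0/24")
REMOTE_SITE = ipaddress.IPv4Network("192.168.10.0/24")
EXTERNAL_NET = ipaddress.IPv4Network("212.199.11.240/29")  # assumed mask

# A route is (destination network, interface name, source address used on it).
Route = Tuple[ipaddress.IPv4Network, str, ipaddress.IPv4Address]


def base_routes() -> List[Route]:
    """Routing table as the post describes it: the internal NIC only knows its
    own on-link subnet (no gateway), so every other destination, including the
    remote site, falls to the default route on the external NIC."""
    return [
        (LOCAL_SITE, "Internal", INTERNAL_IP),
        (EXTERNAL_NET, "External", EXTERNAL_IP),
        (ipaddress.IPv4Network("0.0.0.0/0"), "External", EXTERNAL_IP),
    ]


def with_remote_route() -> List[Route]:
    """Hypothetical table with a more specific route for the remote subnet via
    the internal NIC, added only to show how it changes source selection."""
    return base_routes() + [(REMOTE_SITE, "Internal", INTERNAL_IP)]


def lookup(routes: List[Route], dst: str) -> Route:
    """Longest-prefix match; the winning route's interface decides the source
    address stamped on the outbound packet."""
    dst_ip = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if dst_ip in r[0]]
    if not candidates:
        raise ValueError(f"no route to {dst}")
    return max(candidates, key=lambda r: r[0].prefixlen)


def tunnel_accepts(src: str, dst: str) -> bool:
    """The site-to-site traffic selector: only 192.168.16.0/24 <-> 192.168.10.0/24
    is protected by the tunnel; anything else arrives in the clear from a foreign
    source and the remote gateway drops it."""
    return (ipaddress.IPv4Address(src) in LOCAL_SITE
            and ipaddress.IPv4Address(dst) in REMOTE_SITE)


def server_send(routes: List[Route], dst: str) -> dict:
    """Packet originated by the SBS host itself."""
    _net, iface, src = lookup(routes, dst)
    return {
        "iface": iface,
        "src": str(src),
        "result": "tunnelled" if tunnel_accepts(str(src), dst) else "dropped",
    }


def client_send(client_ip: str, dst: str) -> dict:
    """Packet from a LAN client forwarded through ISA; it keeps the client's
    own source address, which is why client-to-remote traffic works."""
    return {
        "src": client_ip,
        "result": "tunnelled" if tunnel_accepts(client_ip, dst) else "dropped",
    }


if __name__ == "__main__":
    print("client  :", client_send("192.168.16.40", "192.168.10.5"))
    print("server  :", server_send(base_routes(), "192.168.10.5"))
    print("pinned  :", server_send(with_remote_route(), "192.168.10.5"))
```

Running it prints the three cases side by side: the client's packet is sourced from 192.168.16.40 and matches the selector, the server's packet under the real table leaves the External interface as 212.199.11.242 and is dropped, and only the hypothetical more specific route makes the server source 192.168.16.2 and fall inside the selector.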