Microsoft ISA 2006 VPN Tunnel – HTTP Problem

When using ISA 2006 to create a site-to-site vpn tunnel to another location that is not using an ISA server. Such as a Fortigate or Pix. A configuration change needs to be made to allow the public IP address of the ISA Server in the tunnel. The reason behind this is that when a web request is made from site A (where the ISA is) to a webserver at site B (where Fortigate is) the request is processed by the ISA web proxy. All requests sent from the ISA server are then sent with a client IP of the external side of the ISA server. If the VPN tunnel is not configured to allow the external peer IP address then the traffic can not cross over the tunnel and users at site A can not access a website at site B. We solved this by modifying the VPN tunnel between the locations and allowing the VPN peer addresses into the tunnel.

Advertisements
This entry was posted in Computers and Internet. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s