Geekzone: technology news, blogs, forums


HybridTheory

22 posts

Geek


#41240 11-Sep-2009 21:03

Hi all,

I'm new to the forums.
I am working as sys admin for a company that has decided to move our CRM server along with other servers to a hosted environment. We are just doing CRM for now.

Now, we have 3 sites (local/international) connected via Makos through VPN tunnels. Our site is the main office and behind the Mako sits an ISA2006 box (proxy). From there it is connected to other servers (DC/Dev/Mail/Backup AD/etc).

Now, at the datacentre there are 5 VESA machines all set up and ready for us.

The most important server would be the AD Replicator (replicates data from our AD) at the remote site. That would be crucial to our CRM server for authentication.

We have discovered that the BEST way to set up the link would be through an IPSec tunnel. I have opened up their firewalls' IP and their console IP address in our Mako as an outbound rule to allow EVERYTHING (protocols/traffic).

The issue now is that I believe our ISA2006 box would cause issues.

What I need to know is CAN I SET UP AN IPSEC TUNNEL THROUGH ISA2006 WHICH IS SITTING BEHIND OUR MAKO? So in essence - the Mako box WOULDN'T initiate the tunnel as it's only allowing EVERYTHING to that address.

Has ANYONE set up an IPSEC tunnel or PPTP link through ISA?

This weekend, I was planning on taking our proxy down and connecting to their VM console directly.

Regs
4066 posts

Uber Geek

Trusted
Snowflake

  #255094 11-Sep-2009 21:34

IPSEC isn't always easy to get working using NAT-T. Does your ISA box have an external IP address, or is it a NAT address?

Why do you need to configure the IPSEC VPN at the ISA Server? Why wouldn't you use the MAKO to manage the tunnel?






HybridTheory

22 posts

Geek


  #255105 11-Sep-2009 22:33

Thanks for your reply.

Why do you need to configure the IPSEC VPN at the ISA Server?
If I terminate the tunnel at the Mako - then I would need to somehow configure routes to the Mako box, I assume, and create rules?

Why wouldn't you use the MAKO to manage the tunnel?
I don't know, sorry. That's what I was going to do initially, however the firewall guys said that it would make things messy.

Personally I would like to have the mako handle the tunnel and let the ISA work away with policies.

Regs
4066 posts

Uber Geek

Trusted
Snowflake

  #255108 11-Sep-2009 22:55

Can you draw a 'picture' of your network, showing ISA and Mako IP addresses/subnets? (Use fake addresses that 'resemble' the real ones...)






paulspain
417 posts

Ultimate Geek

Trusted
Lifetime subscriber

  #255111 11-Sep-2009 23:14

I've done something similar before, though through a Cisco rather than Mako. Should be no problem. VPN terminated on the ISA Server - is that what you're trying to do?




Paul Spain
Founder: Gorilla Technology, NZ Tech Podcast


HybridTheory

22 posts

Geek


  #255113 11-Sep-2009 23:18

https://cdn.geekzone.co.nz/imagessubs/blog603923b02b2696802da3e91d20b3297f.jpg

Here is a dumbed down pic of our n/w.

Paul - Was that using an ISA box as well? How did you set the rules in your ISA?
If we had Cisco @ work, it would be MUCH easier for me.

paulspain
417 posts

Ultimate Geek

Trusted
Lifetime subscriber

  #255114 11-Sep-2009 23:22

Yes, using ISA Server.

You can find some direction here:
http://www.isaserver.org/tutorials/Creating-VPN-ISA-Server-2006-Firewalls-Main-Branch-Office-Part1html.html




Paul Spain
Founder: Gorilla Technology, NZ Tech Podcast


HybridTheory

22 posts

Geek


  #255115 11-Sep-2009 23:27

Thanks man, I was having a look at that earlier today but I will read up in detail tomorrow.
I was having issues with a custom SSL port so had to use their script to change the SSL port.

HybridTheory

22 posts

Geek


  #255671 14-Sep-2009 17:47

OK, update - IPSec VPN tunnel is up. I can see it on the Mako and the hosting company confirmed it's up now.

I want to RDP into the servers over @ the datacentre. What would my next step be?

HybridTheory

22 posts

Geek


  #255871 15-Sep-2009 14:14

Update #2 - can successfully RDP into the servers at the datacentre now.
I need to get replication done on 1 of the servers.
Because they have a public IP, e.g. 210.x.x.x, how would I go about doing that? I cannot change their IP addresses to match our internal 192.168.x.x address.

Help?

HybridTheory

22 posts

Geek


  #260522 2-Oct-2009 11:52

Update #3 - Everything sorted. Could mods please either delete/close?
