



22 posts

Geek


# 41240 11-Sep-2009 21:03

Hi all,

I'm new to the forums.
I am working as sys admin for a company who has decided to move our CRM server along with other servers to a hosted environment. We are just doing CRM for now.

Now, we have 3 sites (local/international) connected via Makos through VPN tunnels. Our site is the main office, and behind the Mako sits an ISA2006 box (proxy). From there it is connected to other servers (DC/Dev/Mail/Backup AD/etc).

Now, at the datacentre there are 5 VESA machines all set up and ready for us.

The most important server would be the AD Replicator (replicates data from our AD) at the remote site. That would be crucial to our CRM server for authentication.

We have discovered that the BEST way to set up the link would be through an IPSec tunnel. I have opened up their firewalls' IP and their console IP address in our Mako as an outbound rule to allow EVERYTHING (protocols/traffic).

The issue now is that I believe our ISA2006 box would cause issues.

What I need to know is CAN I SET UP AN IPSEC TUNNEL THROUGH ISA2006 WHICH IS SITTING BEHIND OUR MAKO? So in essence - the Mako box WOULDN'T initiate the tunnel as it's only allowing EVERYTHING to that address.

Has ANYONE set up an IPSEC tunnel or PPTP link through ISA?

This weekend, I was planning on taking our proxy down and connecting to their VM console directly.

Infrastructure Geek
4057 posts

Uber Geek
+1 received by user: 195

Trusted
Microsoft NZ
Subscriber

  # 255094 11-Sep-2009 21:34

IPSEC isn't always easy to get working using NAT-T. Does your ISA box have an external IP address, or is it a NAT address?

Why do you need to configure the IPSEC VPN at the ISA Server? Why wouldn't you use the MAKO to manage the tunnel?




Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs




22 posts

Geek


  # 255105 11-Sep-2009 22:33

Thanks for your reply.

Why do you need to configure the IPSEC VPN at the ISA Server?
If I terminate the tunnel at the Mako - then I would need to somehow configure routes to the Mako box I assume and create rules?

Why wouldn't you use the MAKO to manage the tunnel?
I don't know, sorry. That's what I was going to do initially, however the firewall guys said that it would make things messy.

Personally I would like to have the Mako handle the tunnel and let the ISA work away with policies.

 
 
 
 


Infrastructure Geek
4057 posts

Uber Geek
+1 received by user: 195

Trusted
Microsoft NZ
Subscriber

  # 255108 11-Sep-2009 22:55

Can you draw a 'picture' of your network, showing ISA and Mako IP addresses/subnets? (Use fake addresses that 'resemble' the real ones...)






411 posts

Ultimate Geek
+1 received by user: 19

Trusted

  # 255111 11-Sep-2009 23:14

I've done something similar before, though through a Cisco rather than Mako. Should be no problem. VPN terminated on the ISA Server - is that what you're trying to do?






22 posts

Geek


  # 255113 11-Sep-2009 23:18

https://cdn.geekzone.co.nz/imagessubs/blog603923b02b2696802da3e91d20b3297f.jpg

Here is a dumbed down pic of our n/w.

Paul - Was that using an ISA box as well? How did you set the rules in your ISA?
If we had Cisco @ work, it would be MUCH easier for me.

411 posts

Ultimate Geek
+1 received by user: 19

Trusted

  # 255114 11-Sep-2009 23:22

Yes, using ISA Server.

You can find some direction here:
http://www.isaserver.org/tutorials/Creating-VPN-ISA-Server-2006-Firewalls-Main-Branch-Office-Part1html.html






22 posts

Geek


  # 255115 11-Sep-2009 23:27

Thanks man, I was having a look at that earlier today but I will read up in detail tomorrow.
I was having issues with a custom SSL port so had to use their script to change the SSL port.

 
 
 
 




22 posts

Geek


  # 255671 14-Sep-2009 17:47

OK, update - IPSec VPN tunnel is up. I can see it on the Mako and the hosting company confirmed it's up now.

I want to RDP into the servers over @ the datacentre. What would my next step be?



22 posts

Geek


  # 255871 15-Sep-2009 14:14

Update #2 - can successfully RDP into the servers at the datacentre now.
I need to get replication done on 1 of the servers.
Because they have a public IP, e.g. 210.x.x.x, how would I go about doing that? I cannot change their IP addresses to match our internal 192.168.x.x address.

Help?



22 posts

Geek


  # 260522 2-Oct-2009 11:52

Update #3 - Everything sorted. Could mods please either delete/close?
