PIX and ISA Server

I'm setting up a remote site vpn from my ISA server to a PIX 501 Firewall box. I can get the ipsec connections up and get to my internal network, however any internet traffic is passed out through the public address on the PIX.
What I want to accomplish is having all outbound traffic, (internet) being sent accross the ipsec tunnel and back out through my ISA server for security purposes (use my ISA rules). Does anybody know how to do this or if its even possible? ( I assume it is beings it would act like a normal vpn connection to my ISA server from a remote site) Or even a link or somewhere with some good documentation on this. I have checked cisco's website and some ISA server sites with little success. Thanks in advance
RA1313IT

Hi,

If I get it right you have following setup:

HQ LAN (A) --> ISA2004

---

IPSEC TUNNEL

---

PIX --- Remote Site LAN (

What you have: somebody from B wants to connect to the Internet it exists via the public IP of the PIX.

What you want : Connecting from B to the Internet should pass via ISA 2004 to the Internet

Solution(s):

1) Use the ISA firewall client on B
2) Set your GW on B to point to th ISA
3) Use the ISA as your proxy on B

I would go for solution 1) as this provides you valuable benefits (TCP/UDP apps. connections, authentication, etc..)

You can check out www.isaserver.org for any ISA related info.

hth

Greetz,

Stefan

Stefan,

Thanks for your response.

This works great, i guess it isnt as difficult as I thought it was, i was figuring i had a rule set wrong in the PIX, but thanks for the multiple solutions to my problem

RA1313IT

Hi,

Your welcome and thanks for the follow up !

Greetz,

Stefke