savannah010
join:2003-12-17 South Africa
[Config] Richard
Hi.
I'm setting up a VPN for the first time. We have an ISA box on a local LAN and are connecting with a 2501 to the ISP. We're NAT'ing over Serial0 to the ISP. In order for incoming connections to the ISA box I have to create a one to one translation (if I'm correct) but this is dangerous. Am I correct in saying that I would create an access list and attach it to that interface for inbound connections? There are also port (SMTP, WWW) translations already in place on that interface; will the one to one translation take preference over these translations?
Thanks in advance for any input.
Richard.

Covenant Premium, MVM join:2003-07-01 England
Hi Richard,
said by savannah010 :
In order for incoming connections to the ISA box I have to create a one to one translation (if I'm correct) but this is dangerous. Am I correct in saying that I would create an access list and attach it to that interface for inbound connections?
It is not dangerous, so to speak, but it leaves you wide open on that one to one translation. You are correct in saying that you have to create an ACL.
said by savannah010 :
There are also port (SMTP, WWW) translations already in place on that interface; will the one to one translation take preference over these translations?
Should not do. If you have port translations already configured, the one to one NAT to the ISA server should not take precedence over it.
said by savannah010 :
Thanks in advance for any input.
Richard.
You're welcome, Richard.
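Added example, not part of either post: a Cisco IOS sketch of the setup discussed in the thread, with a one-to-one static NAT for the ISA box and an inbound ACL on Serial0 that narrows what reaches it. Every address is a constructed documentation address, the ACL number 110 is arbitrary, the ISP resolver is a placeholder, and PPTP (TCP 1723 plus GRE) is an assumption, since the thread does not say which VPN protocol the ISA box terminates.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   192.168.1.10  ISA server (inside)      192.0.2.10  public address for the 1:1 NAT
!   192.168.1.20  mail/web host (inside)   192.0.2.2   Serial0 address used by the port NATs
!   198.51.100.53 ISP DNS resolver (placeholder)

! Port translations of the kind already in place (SMTP, WWW)
ip nat inside source static tcp 192.168.1.20 25 192.0.2.2 25
ip nat inside source static tcp 192.168.1.20 80 192.0.2.2 80

! One-to-one translation for the ISA box. A static entry without ports
! translates every IP protocol, which is why it needs an ACL in front of it.
ip nat inside source static 192.168.1.10 192.0.2.10

! The inbound ACL on the outside interface is checked before NAT,
! so entries match the public (global) addresses.
access-list 110 remark VPN to the ISA box (PPTP assumed)
access-list 110 permit tcp any host 192.0.2.10 eq 1723
access-list 110 permit gre any host 192.0.2.10
access-list 110 remark Published services behind the port translations
access-list 110 permit tcp any host 192.0.2.2 eq smtp
access-list 110 permit tcp any host 192.0.2.2 eq www
access-list 110 remark Replies to sessions opened from the inside
access-list 110 permit tcp any any established
access-list 110 permit udp host 198.51.100.53 eq domain any
access-list 110 remark Everything else aimed at the 1:1 address is dropped and logged
access-list 110 deny ip any any log

interface Ethernet0
 ip nat inside
!
interface Serial0
 ip nat outside
 ip access-group 110 in
```

After applying it, `show ip nat translations` lists the static entries and `show access-lists 110` shows per-line hit counts, including the logged denies against the one-to-one address.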