Configuring NAT on the ISA Gateway (Windows Server)


This article describes the step-by-step method to configure NAT on a Windows Server.

One of the prerequisites for deploying the ISA Gateway Agent on a Windows Server is to add the Routing and Remote Access Server (RRAS) role. The RRAS role allows the administrator to configure network address translation (NAT), among other functions. When NAT is enabled on the Gateway, it translates the source IP address of incoming traffic from the outside to the IP address of its physical, public-facing interface before forwarding the packet to the destination server or resource.

Before NAT is enabled, the source IP address of the incoming traffic forwarded by the Gateway Agent, after decryption, will retain the IP address of the Tap-Windows Adapter V9 virtual interface. The remote corporate resources will be unable to route the return traffic without further routing configuration.

Here is a screenshot of the Wireshark capture taken on the physical interface when a remote user tries to ping a corporate resource without NAT enabled on the Gateway. Notice that the source IP address is that of the virtual interface and that no replies from the remote resource are received on the interface.



Configuring NAT on the Routing and Remote Access Server

  1. On the Server Manager screen, click Tools and select Routing and Remote Access from the drop-down.
  2. Right-click on the server’s name. In this example, Win2k16.
  3. Click on Configure and Enable Routing and Remote Access.
  4. In the Configuration window, select the Network address translation (NAT) radio button.
  5. Click Next.
  6. On the NAT Internet Connection window, select the public interface. In this example, it is Ethernet with an IP address of 192.168.0.101.
  7. Click Next.
  8. On the next window, click Finish.
  9. Expand the server’s name and expand IPv4.
  10. Select NAT and right-click the physical interface selected for NAT.
  11. Click Show Mappings.
  12. On the mapping table, you will see inbound packets translated on the interface selected for NAT.
  13. A ping from a remote user to an internal resource will now receive replies. Here is a Wireshark capture. Notice that the source IP address is that of the physical interface selected for NAT.
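
The two Wireshark captures described in this article can also be checked from an exported field list rather than by eye. The following is an added example, not part of the original article or of InstaSafe's tooling: it pairs ICMP echo requests with their replies and reports whether the source address was translated to the NAT interface address. The tshark export command in the docstring, the resource address 192.168.0.50 and the tunnel-side address 10.8.0.6 are assumptions made for the sample data.

```python
from collections import namedtuple

NAT_IP = "192.168.0.101"    # public interface chosen in step 6 of the article
RESOURCE = "192.168.0.50"   # constructed: the internal host being pinged

Pkt = namedtuple("Pkt", "src dst icmp_type ident seq")

def parse_rows(text):
    """Rows of ip.src, ip.dst, icmp.type, icmp.ident, icmp.seq separated by tabs,
    e.g. from: tshark -r cap.pcapng -Y icmp -T fields -e ip.src -e ip.dst
               -e icmp.type -e icmp.ident -e icmp.seq"""
    rows = (line.split("\t") for line in text.strip().splitlines())
    return [Pkt(*r) for r in rows if len(r) == 5]

def check_nat(pkts, nat_ip=NAT_IP, resource=RESOURCE):
    """Classify every echo request sent to `resource` on the physical interface."""
    # Echo replies (type 0), keyed so a request can look up its own answer.
    replies = {(p.src, p.dst, p.ident, p.seq) for p in pkts if p.icmp_type == "0"}
    report = []
    for p in pkts:
        if p.icmp_type != "8" or p.dst != resource:
            continue                      # only echo requests toward the resource
        answered = (p.dst, p.src, p.ident, p.seq) in replies
        if p.src != nat_ip:
            status = "untranslated"       # source is still the tunnel-side address
        elif answered:
            status = "ok"                 # translated and the resource replied
        else:
            status = "translated-no-reply"  # NAT applied; check the target host
        report.append((p.seq, p.src, status))
    return report

def rows(*pkts):
    """Build tab-separated sample text from tuples of field values."""
    return "\n".join("\t".join(p) for p in pkts)

# Constructed sample data; 10.8.0.6 stands in for the Tap-Windows adapter address.
BEFORE_NAT = rows(("10.8.0.6", RESOURCE, "8", "1", "1"),
                  ("10.8.0.6", RESOURCE, "8", "1", "2"))
AFTER_NAT = rows((NAT_IP, RESOURCE, "8", "1", "1"),
                 (RESOURCE, NAT_IP, "0", "1", "1"),
                 (NAT_IP, RESOURCE, "8", "1", "2"))

if __name__ == "__main__":
    for name, data in (("before", BEFORE_NAT), ("after", AFTER_NAT)):
        print(name, check_nat(parse_rows(data)))
```

An "untranslated" result matches the capture taken before NAT was enabled; "translated-no-reply" means NAT is working and the missing reply has another cause on the path or on the target.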


Disable/Delete NAT

There are instances when the source IP address must remain unchanged, for example, for VoIP traffic. In such cases, NAT should be disabled. To disable NAT, right-click on the Routing and Remote Access > server name > IPv4 > interface name > NAT and click Delete.



In case you are unable to configure NAT on the Gateway by following these steps, contact your organization's IT Team.

If you are the administrator of the organization's ISA Account and need assistance, contact InstaSafe Support.

