RE: Access the Internal Network

  • From: Paul Hillen <phillen@xxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 4 Jan 2002 09:15:32 -0500

Hi Vinay,

I am attempting to find the exact same answers you are and this is what I
have been told.
Yes, you can use VPN to hit your internal network, but only under 2
scenarios.

1.  Firewall is added to your internal network's domain.
2.  You set up a back to back DMZ with ISA servers.

I don't like the idea of adding the firewall to the internal domain - scares
the *&^% out of me and I am not able to set up a back to back DMZ at this
time to allow for a more robust approach to allowing users onto the internal
network.

What I have been able to do so far is this and trust me - it is not the way
I want it, but it works.

1.  Allow your remote users to VPN to the ISA Server which is NOT part of
your internal domain.
2.  Once the user connects and authenticates to the ISA Server via VPN -
he/she can now map to any machine internally by using IP address of machines
(or use a WINS server to resolve IPs to NETBIOS names).  When they make a
hit on the internal machines, they will be prompted for username and
password (if you are using Windows NT or higher clients) and they can log
onto them that way.

This will work for simple file transfers etc., but if you need to connect to
Exchange etc. - then that's a different story and it is not a nice way to do
it.

So you pretty much have 3 choices

1.  Add the ISA to the internal domain - VPN to ISA and you are
authenticated to internal domain.
2.  Build a back to back DMZ of ISA servers - (if you have Tom Shinder's
book - ISA Server 2000) it will give a brief explanation on how to do this.
3.  Keep the ISA off the internal domain - allow users to VPN to ISA Server
and map to internal machines as described above.

That pretty much sums up your options.

If I am wrong on my understanding of this - please someone let me know - but
I need to accomplish the same thing and I am sure a lot of others need to
also.

Later
Paul





-----Original Message-----
From: Vinaykumar G [mailto:G.Vinay@xxxxxxxxx]
Sent: Friday, January 04, 2002 2:07 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Access the Internal Network


Hi All,
      we have ISA (integrated mode) on the edge of our network on a win2k as
a standalone server. Web publishing, ftp, sql are working fine, we have
another requirement that some users will be on the travel and other users
from their home would like to access the Internal Network. Earlier they used
to use RAS on NT 4.0 PDC, but since the users are increasing we would like
to implement other solution for this. Is VPN the solution or some other way?
I understand VPN would be used to connect from main office to branch office
but our scenario is something different as users want to access the network
from their home and on travel.
Please advise as to what configurations have to be enabled on ISA to make this
available.

Best Regards,
Vinay.


