Cool... I'll give it a whirl. The remote side is not so much the issue-
that's easy... It's handling the corporate side where I've got other remote
VPN users and such... Once I actually get into it I'm sure it will make more
sense...
Thx t
----- "I'll see your Llama and up you a Badger." John T
http://www.ISAserver.org
Yes; network objects - not networks. You can choose from computers, computer sets, address sets, subnets, etc...
That's kinda the reverse idea of the net-behind-a-net article on isaserver.org, except it's the distant side of the VPN tunnel.
-------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -------------------------------------------- -----Original Message----- From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] Sent: Friday, February 03, 2006 9:18 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Point-to-point VPN vs. Client VPN
http://www.ISAserver.org
Ah- I think I see... So, build new network objects or just keep the VPN Clients object and base everything off of IP? I can kind of see both ways. I guess the main question is how to control assets on the other side of the point-to-point that won't show up a "VPN Clients" because they are on the internal network- is that where I would want to build separate network objects with a NAT relationship? That kind of makes sense to me...
t
----- "I'll see your Llama and up you a Badger." John T
----- Original Message ----- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, February 03, 2006 12:08 PM
Subject: [isalist] RE: Point-to-point VPN vs. Client VPN
http://www.ISAserver.org
Even "VPN Client" rules can be source-specific. Since you know the IP range for each, you can create subnets representing each and use them in the rules to separate them from each other.
..not exactly intuitive from a user standpoint, but it's how ISA 2004 was designed and actually works pretty well. BTW, I lost the SQL bitch-list you sent me before and the folks in Haifa are interested...
------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -------------------------------------------------------
-----Original Message----- From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] Sent: Friday, February 03, 2006 12:01 To: [ISAserver.org Discussion List] Subject: [isalist] Point-to-point VPN vs. Client VPN
http://www.ISAserver.org
Is there any super-secret way to present a point-to-point VPN connection to ISA 2004 differently than a regular client VPN connection, or are we forced to treat them both as "VPN Clients" and thus have everything on the client/end-point side all follow the same "VPN Client" rules?
t
----- "I'll see your Llama and up you a Badger." John T
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx