RE: Point-to-point VPN vs. Client VPN

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 5 Feb 2006 07:32:20 -0800

That's also easy-peasey...
Unless your "outbound" rules say "anywhere" in the "to" tab, the
internal folks can't get anywhere in the VPN networks without either:
- Rules allowing traffic to them from the VPN entities 
- rules allowing them traffic to the VPN entities

--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] 
Sent: Saturday, February 04, 2006 8:03 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Point-to-point VPN vs. Client VPN

http://www.ISAserver.org

Cool... I'll give it a whirl.  The remote side is not so much the issue-
that's easy... It's handling the corporate side where I've got other remote
VPN users and such... Once I actually get into it I'm sure it will make more
sense...

Thx
t


-----
"I'll see your Llama and up you a Badger."
John T



----- Original Message ----- 
From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, February 03, 2006 11:13 PM
Subject: [isalist] RE: Point-to-point VPN vs. Client VPN


> Yes; network objects - not networks.
> You can choose from computers, computer sets, address sets, subnets,
> etc...
>
> That's kinda the reverse idea of the net-behind-a-net article on
> isaserver.org, except it's the distant side of the VPN tunnel.
>
> --------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> --------------------------------------------
> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Friday, February 03, 2006 9:18 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Point-to-point VPN vs. Client VPN
>
> Ah- I think I see... So, build new network objects or just keep the VPN
> Clients object and base everything off of IP?  I can kind of see both ways.
> I guess the main question is how to control assets on the other side of the
> point-to-point that won't show up as "VPN Clients" because they are on the
> internal network- is that where I would want to build separate network
> objects with a NAT relationship?  That kind of makes sense to me...
>
> t
>
>
> -----
> "I'll see your Llama and up you a Badger."
> John T
>
>
>
> ----- Original Message ----- 
> From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Friday, February 03, 2006 12:08 PM
> Subject: [isalist] RE: Point-to-point VPN vs. Client VPN
>
>
> Even "VPN Client" rules can be source-specific.
> Since you know the IP range for each, you can create subnets representing
> each and use them in the rules to separate them from each other.
>
> ..not exactly intuitive from a user standpoint, but it's how ISA 2004 was
> designed and actually works pretty well.
> BTW, I lost the SQL bitch-list you sent me before and the folks in Haifa are
> interested...
>
> -------------------------------------------------------
>   Jim Harrison
>   MCP(NT4, W2K), A+, Network+, PCG
>   http://isaserver.org/Jim_Harrison/
>   http://isatools.org
>   Read the help / books / articles!
> -------------------------------------------------------
>
>
> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Friday, February 03, 2006 12:01
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Point-to-point VPN vs. Client VPN
>
> Is there any super-secret way to present a point-to-point VPN connection to
> ISA 2004 differently than a regular client VPN connection, or are we forced
> to treat them both as "VPN Clients" and thus have everything on the
> client/end-point side all follow the same "VPN Client" rules?
>
> t
>
> -----
> "I'll see your Llama and up you a Badger."
> John T
>
>
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.