Re: Suggestion needed!!

Hi Tim,
 
No problem. Check out the VPN docs over at www.microsoft.com/isaserver I
don't think they have one for Netscream, but you can check the others
and learn the general principles involved.
 
Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder> 
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls

 

________________________________

From: tim S [mailto:tim724342@xxxxxxxxx] 
Sent: Friday, October 08, 2004 2:55 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Suggestion needed!!


http://www.ISAserver.org 
Jim,
 
I will definately make a case for ISA2004 server purchase.  But in the
meantime....
Can I use the Netscreen 5xp VPN appliance with ISA 2000 in a gateway to
gateway setup and still control what VPN users can do in internal
network?      
 
Thanks


Jim Harrison <jim@xxxxxxxxxxxx> wrote:

        http://www.ISAserver.org
        
        The best suggestion I can give is to get ISA 2004.
        ISA 2000 does not / can not place routing restrictions on
inbound VPN traffic to the Internal network.
        
        Jim Harrison
        MCP(NT4, W2K), A+, Network+, PCG
        http://isaserver.org/Jim_Harrison/
        http://isatools.org
        Read the help / books / articles!
        
        ----- Original Message ----- 
        From: "tim S" 
        To: "[ISAserver.org Discussion List]" 
        Sent: Friday, October 08, 2004 06:50
        Subject: [isalist] Suggestion needed!!
        
        
        http://www.ISAserver.org
        
        
        I have the following requirement:
        
        
        
        I have a customer who wants to setup a VPN connection using
their hardware VPN appliance to our site to access resources in three 
        internal servers. This VPN connection will be persistent. I want
to make sure that the customer can only access those three 
        servers and nothing else in the internal network. Likewise, I
don't want none of my internal users has access to those three 
        servers except four people. Also, one of those three servers
will need to have access to an SQL server in the current internal 
        network.
        
        
        
        My current network setup: I have a ISA 2000 that sits between
public internet and internal network. There aren't any routers in 
        the internal network. All internal clients and SecureNat serves
directly connect to the ISA. I have only one ISA license.
        
        
        
        I was thinking about splitting the current internal network into
two subnets (like 10.10.10.0/24 and 192.168.1.0/24) with a windows 
        2k or 2k3 router and setup packet filters on the interfaces. The
10.1.1.0/24 is current internal network. Add the new subnet ID 
        192.168.1.0/24 to the ISA LAT. I was thinking about placing
customer's hardware VPN appliance outside of ISA and let the traffic 
        through external NIC of ISA. The VPN appliance will have the
preset IP numbers that I tell them. How do I make sure that any 
        request from the customer only goes to the new subnet?
        
        
        
        If there is any simple approach, I would really appreciate your
suggestion.
        
        
        
        Thanks
        
        TS
        
        
        
        ---------------------------------
        Do you Yahoo!?
        Yahoo! Mail - You care about security. So do we.
        
        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        World of Windows Networking: http://www.windowsnetworking.com
        Leading Network Software Directory: http://www.serverfiles.com
        No.1 Exchange Server Resource Site: http://www.msexchange.org
        Windows Security Resource Site: http://www.windowsecurity.com/
        Network Security Library: http://www.secinf.net/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: jim@xxxxxxxxxxxx
        To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        Report abuse to listadmin@xxxxxxxxxxxxx
        
        
        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        World of Windows Networking: http://www.windowsnetworking.com
        Leading Network Software Directory: http://www.serverfiles.com
        No.1 Exchange Server Resource Site: http://www.msexchange.org
        Windows Security Resource Site: http://www.windowsecurity.com/
        Network Security Library: http://www.secinf.net/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: tim724342@xxxxxxxxx
        To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        Report abuse to listadmin@xxxxxxxxxxxxx
        

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com
------------------------------------------------------ List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server
Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server
FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------ Other Internet
Software Marketing Sites: World of Windows Networking:
http://www.windowsnetworking.com Leading Network Software Directory:
http://www.serverfiles.com No.1 Exchange Server Resource Site:
http://www.msexchange.org Windows Security Resource Site:
http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------ You are currently
subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to
listadmin@xxxxxxxxxxxxx

Other related posts: