B2b VPN & authenticationTwo options: 1. Create a separate domain for the ISA/VPN server(s) and allow them to trust the internal domain 2. Set up a RADIUS server that is a member of the internal domain and tell the VPN server to use RADIUS auth. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: Vanvelthoven, Danny To: [ISAserver.org Discussion List] Sent: Wednesday, March 13, 2002 2:00 AM Subject: [isalist] B2b VPN & authentication http://www.ISAserver.org Hi all, I've read the article of Tom on the website about VPN's on a back to back DMZ, the tunnel trouggh the tunnel. But, I've got one question on this. Do I have to setup usernames/paswords on the external VPN for all the users who want to connect ? Their domain usernames are not available on that VPN server. Or do I have to make the DMZ a small domain, with a one way trust to the internal domain, so the usernames are known. How are you guys doing this ? Please advise. Danny View our available profiles on http://competences.CentricKsi.be ------------------------------------------------------------------------ LEGAL DISCLAIMER: The information included in this message is personal and/or confidential and intended exclusively for the addressees as stated. This message and/or the accompanying documents may contain confidential information and should be handled accordingly. If you are not the intended reader of this message, we urgently request that you notify Centric KSI immediately and that you delete this e-mail and any copies of it from your system and destroy any printouts immediately. It is forbidden to distribute, reproduce, use or disclose the information in this e-mail to third parties without obtaining prior permission from Centric KSI. We expressly point out that there are risks associated with the use of e-mail like data corruption, interception, unauthorised amendment, viruses and unforeseen delays. Centric KSI and the companies within the group shall not accept any liability whatsoever for damage resulting from the use of e-mail. Legally binding obligations can only arise for Centric KSI by means of a written instrument, signed by an authorized representative of Centric KSI. ------------------------------------------------------------------------ ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')