Hi William, Don't know and if I did, I couldn't say anything. Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: William Robertson [mailto:william.robertson@xxxxxxxxx] Sent: Monday, March 24, 2003 11:20 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA VPN behind PIX http://www.ISAserver.org Ha, does that mean you think it may be possible in ISA Server .NET? -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: 25 March 2003 03:48 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA VPN behind PIX http://www.ISAserver.org Hi William, Not with ISA Server 2000. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: William Robertson [mailto:william.robertson@xxxxxxxxx] Sent: Monday, March 24, 2003 10:08 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA VPN behind PIX http://www.ISAserver.org Hi there Yes, my next hurdle is in fact to start using L2TP/IPSec and I do look forward to that :) Can you perhaps tell me though, is it at all possible to "firewall" a VPN Connection? For example, I want to provide someone with the facility of connecting to my site via a VPN, but I don't want to allow him to use any protocol such as RDP, SMB etc. I would like to say even though you are connected via a VPN, you are still only allowed to use a specific list of protocols. Is this at all possible? Cheers William R. -----Original Message----- From: Jens von Bülow [mailto:jens@xxxxxxxxx] Sent: 24 March 2003 16:51 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA VPN behind PIX http://www.ISAserver.org None that I am aware of, all the logic about the connection is contained in the tcp connection - PPTP just uses GRE to move the packets around... Anyone else have any comments on this? PS: An alternative would be for you to install a server and workstation digital certificate and then use the LT2P VPN connectivity between the remote user and home network... -----Original Message----- From: William Robertson [mailto:william.robertson@xxxxxxxxx] Sent: 24 March 2003 04:34 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA VPN behind PIX http://www.ISAserver.org Hi Jens Thanks very much for your help. I didn't use your exact code as I do not have a Gateway-to-Gateway VPN, but I did do the following: access-list outside_interface permit gre any host <isa-server> Do you know of any security risks that I may be running by doing this? Cheers William R. -----Original Message----- From: Jens von Bülow [mailto:jens@xxxxxxxxx] Sent: 24 March 2003 15:49 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA VPN behind PIX http://www.ISAserver.org William, By default ISA tries to establish a PPTP VPN connection Try the following on your pix access-list outside_access_in permit gre host <isa-server-1> host <isa-server-2> Regards Jens ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jens@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')