RE: L2TP VPN

  • From: Clayton Doige <clayton.doige@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 20 Dec 2005 01:16:58 +0000

Well the basic gist of things is that this particular client got burned very
badly before our company took over their IT so they are extremely security
conscious. They nearly lost $700 M US security conscious.

So, rather than do the obvious thing, and enable the PDA to use Active
Sync through the ISA Server, we are trying to create a two phase
authentication scheme as best as possible. The L2TP thing has kinda gone out
the window at the moment, as there is a watchguard firewall in front of the
ISA box, and of course L2TP and NAT don't get on too well. I am still going
to try and test out the mobile access thing, only enabling the rule when I
want to test it sort of thing, and demo it to the client, let them make the
call while explaining the security implications, but yes, I was trying to
get an L2TP VPN going, and once that was up, use activesync over the VPN. I
did get PPTP working just fine, but am having a weird issue in that any time
I try to do anything with the PDA over the VPN, the VPN drops. If I hook up
to the ISA with a windows vpn client, as in XP Network Connection,
everything is fine, so clearly I need to be breaking and learning some more
here.

The IPAQ 6340 has L2TP as an option, and you can configure it for pre-shared
key or certificate, it is all quite straightforward, and if the ISA box was
connected straight to the net, it would be working. As it is already behind
one firewall, I can live with PPTP (I guess). I really don't have time to
play about with NAT-T on a watchguard box LOL.

I had a look on the site today, and was searching around for things, and if
you have the following that you could provide links for that would be
greatly appreciated:


   1. a PDA orientated guide to active sync over the ISA Server that
   includes some of the exchange side of things from a config point of view
   2. a guide to setting up this pptp vpn that references any rules I
   might need to create to allow active sync to work over a pptp vpn cause
   clearly I am too stooppid to work it out myself ;-)

Anyhow, I shall cease to blather on.

Merry Christmas to everyone, ho ho ho and all that festive stuff. (Can I
have a year off now?)

TIA

Clayton


On 12/15/05, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:

> http://www.ISAserver.org <http://www.isaserver.org/>
> Hi Clayton,
>
> Configuration information from the server or the client viewpoint?
>
> I didn't know that Windows Mobile supported L2TP/IPSec. Debi got one of
> these for me as an early Christmas present
> http://www.vzwshop.com/samsungi730info/ but I haven't looked into the VPN
> yet. I have an iPAQ 4155
> http://www.amazon.com/gp/product/B0000DBJTZ/102-5762508-4402525?v=glance&n=172282
> but I thought it only did PPTP.
>
> Out of curiosity, why do you want to VPN using the PDA? What type of
> access do you require?
>
> Thanks!
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> Who is John Galt?
>
>  ------------------------------
> *From:* Doige, Clayton [mailto:clayton.doige@xxxxxxxxxxx]
> *Sent:* Thursday, December 15, 2005 9:20 AM
> *To:* [ISAserver.org Discussion List]
> *Subject:* [isalist] L2TP VPN
>
>
>
> Hi there. I wish to use ISA 2004 as the end point for VPN connections from
> HP IPAQ hand helds using L2TP
>
>
>
> Can anyone recommend a definitive article I can follow to get the process
> correct?
>
>
>
> *Clayton Doige*
>
> IT Project Manager
>
> *CME Development Corporation*
>
> T: 020 7430 5355
>
> M: 07932 653787
>
> E:clayton.doige@xxxxxxxxxxx
>
> W:www.cetv-net.com
>
>
>
> ______________________________________________________________________
> This electronic mail message and any attached files contain information
> intended for the exclusive use of the person to whom it is addressed and may
> contain information that is proprietary, privileged, confidential and/or
> exempt from disclosure under applicable law. If you are not the intended
> recipient, you are hereby notified that any viewing, copying, disclosure or
> distribution of this information may be subject to legal restriction or
> sanction. If you are not an addressee, please notify the sender immediately
> by electronic mail and delete the original message without making any
> copies.
> _____________________________________________________________________
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>



--
Regards,

Clayton
clayton@xxxxxxxxxxxx
http://alsipius.com
