RE: My little WAN

  • From: <HCALM1@xxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 4 Jan 2002 08:55:51 -0500

Wow! Lots of good info, couple of questions....

I was planning on using RRAS for the connections, should I go ahead and set
everything up unsecured, just to get functional, before I install ISA and
do all the other stuff?

Also, I'm using Ameritech Business DSL at my "main" location. Unfortunately
they support only NAT to give me my real IP address. Is that going to
affect IPSec? NAT takes place on the router, unless there's a way to get
around that.

In ISA, I assume I will only have to allow a VPN protocol or port to pass
through. Will all the traffic from the VPN be allowed (IPX traffic, game
traffic, file transfers)?

I know this is going to be really hard, but I would really like to do it
all to build my skill set. We're all really excited (geeks at heart).

Thanks for all your help.

Andrew

"Gary Anderson" <gary.anderson@wanadoo.fr>
01/04/2002 08:04 AM
Please respond to "[ISAserver.org Discussion List]"

To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
cc:
Subject: [isalist] RE: My little WAN




http://www.ISAserver.org


I'm sorry, I didn't read all of the thread before.

Ok, here's the deal.  You set up a VPN between your LANs.  I've never tried
to set this up with ISA before but I understand that it would work.  I've
always used Cisco, Watchguard or RRAS.

With a VPN that uses W2K, you can use PPTP or IPsec.  Actually it is L2TP
with IPSec but that's another story.

IPSec creates an encrypted channel between two end points.  The traffic is
encrypted and it is also verified that nothing has been modified.  That's
why you can't use Network Address Translation with IPSec.  You change the
source/destination address, IPSec will detect this and throw out the
packet.  Since the ISA server is your perimeter security device, it is going
to go from ISA Server to ISA Server.

To encrypt the traffic, both ends use an agreed upon method for encryption.
This can be a "shared key" or a certificate.  Shared key is less secure but
it is easier to set up.  Don't worry about someone determining the "shared
key".  It is used to calculate another key.  It is never sent in the clear
during your communication.  In other words, don't send it to someone via
unencrypted email while you are trying to set it up.

To avoid a lot of headaches, set up your VPN with PPTP and then change it to
IPSec.  PPTP is a lot easier to set up.  Once it works, try an IPSec with a
shared key.  If you want to use certificates, that's ok but it is harder to
set up.

-----Original Message-----
From: HCALM1@xxxxxxxx [mailto:HCALM1@xxxxxxxx]
Sent: Friday, January 04, 2002 13:32
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: My little WAN



You mean use that with the IPSec?

Do you see any security issues with this? I'm not sure how to configure
ISA, since I don't want to block RPC services. I guess I have to tell ISA
that the VPN connections are somehow part of the LAN.... ???

"Gary Anderson" <gary.anderson@wanadoo.fr>
01/04/2002 06:47 AM
Please respond to "[ISAserver.org Discussion List]"

To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
cc:
Subject: [isalist] RE: My little WAN

It's a password or even a phrase that both ends of the connection know.

-----Original Message-----
From: HCALM1@xxxxxxxx [mailto:HCALM1@xxxxxxxx]
Sent: Friday, January 04, 2002 12:27
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: My little WAN



What is a "shared secret"?

-Andrew

"James McDonald (IS)" <James.McDonald@e-profile.com>
01/03/2002 02:28 PM
Please respond to "[ISAserver.org Discussion List]"

To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
cc:
Subject: [isalist] RE: My little WAN

I would recommend you use IPsec and a shared secret for a secure tunnel
between your machines.  Create filters that allow only the machines you
want to include in your forest to connect through your ISA servers.

Good luck, you've got a lot of work ahead.

-----Original Message-----
From: HCALM1@xxxxxxxx [mailto:HCALM1@xxxxxxxx]
Sent: Thursday, January 03, 2002 12:38 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] My little WAN


I'm setting up four servers... kind of an experiment. We all have high
bandwidth connections so we decided to create one domain forest, and all of
us will have our own domain within to manage. We want to set up active
directory replication and general connectivity using Routing and Remote
Access to create VPN connections. Probably all connected to one server, the
first one in the forest. Security with ISA is agreed upon, but how to
configure is up for much debate. We want security but we want to be able to
function as if we were on a LAN together (share files, use DFS, play games
even).

Any suggestions or input from anyone that would help us with this
experiment?

Thanks,
andrew
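
Added illustration, not part of the original thread: a simplified Python model of the two points in Gary Anderson's reply, that the shared secret only feeds a key derivation (modelled on the IKEv1 pre-shared-key step SKEYID = prf(psk, Ni | Nr)) and that an integrity check covering the IP addresses, as IPsec AH does, fails once NAT rewrites the source address. All function names, addresses, nonces and the passphrase are constructed for the example.

```python
import hashlib
import hmac
import ipaddress

def derive_key(psk, nonce_i, nonce_r):
    """First step of IKEv1 pre-shared-key keying: SKEYID = prf(psk, Ni | Nr).
    Only the nonces cross the wire; the shared secret itself never does."""
    return hmac.new(psk, nonce_i + nonce_r, hashlib.sha1).digest()

def ah_icv(key, pkt):
    """HMAC-SHA1-96 over source address, destination address and payload,
    a simplified model of AH covering the immutable IP header fields."""
    data = (ipaddress.IPv4Address(pkt["src"]).packed
            + ipaddress.IPv4Address(pkt["dst"]).packed
            + pkt["payload"])
    return hmac.new(key, data, hashlib.sha1).digest()[:12]

def protect(key, src, dst, payload):
    """Sender side: attach the integrity check value to the packet."""
    pkt = {"src": src, "dst": dst, "payload": payload}
    return dict(pkt, icv=ah_icv(key, pkt))

def nat_rewrite(pkt, public_src):
    """What the DSL router's NAT does: replace the private source address."""
    return dict(pkt, src=public_src)

def receive(key, pkt):
    """Receiver side: recompute the ICV over the header it actually sees."""
    return hmac.compare_digest(pkt["icv"], ah_icv(key, pkt))

def demo():
    # All values below are constructed for the example.
    psk = b"constructed example passphrase"
    nonce_i, nonce_r = bytes(range(16)), bytes(range(16, 32))
    key = derive_key(psk, nonce_i, nonce_r)
    sent = protect(key, "192.168.1.10", "203.0.113.20", b"AD replication")
    direct = receive(key, sent)                               # no NAT in the path
    natted = receive(key, nat_rewrite(sent, "198.51.100.7"))  # NAT in the path
    return direct, natted

if __name__ == "__main__":
    print(demo())
```

The packet that reaches the peer unmodified verifies; the same packet with its source address rewritten is rejected, even though the payload and the key are unchanged.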

