RE: Publish a VPN server / ISA 2004

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 22 Sep 2005 12:36:59 -0500

Hi Greg,
 
Ha! "hardware". Better check to see if he has an insurance policy for
data loss :)
 
Check www.isaserver.org, I'm sure I did an article on publishing
PPTP servers. Make sure the downstream ISA firewall terminating the VPN
connection is a SecureNAT client of the upstream ISA firewall.
 
Oh, wait a minute, you're using a low-security IPSec tunnel mode client.
Ouch. You need to know exactly what protocols are being used by the
vendor and how they match up with RFC. The reason why MS went with
L2TP/IPSec over IPSec tunnel mode is that they did not want to lock
people into a proprietary implementation of IPSec tunnel mode, since it
was NEVER designed for remote access VPN client connections.
 
/off sandbox.
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls

 


________________________________

        From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] 
        Sent: Thursday, September 22, 2005 12:31 PM
        To: [ISAserver.org Discussion List]
        Subject: Publish a VPN server / ISA 2004
        
        

        I'm looking for info to publish a VPN server behind ISA 2004.
When I set up a rule to publish, the VPN client sees the server, but
cannot authenticate.  The vendor tech support prefers a hardware-based
firewall.  How can I get around this?

        The VPN server is Aruba Wireless. It allows remote Access Point
anywhere on the Internet.  The AP tunnels back using IPSec, NAT-T.

        TIA

        greg 
