RE: Publish a VPN server / ISA 2004

  • From: "Crockett, Gregory" <Gregory.Crockett@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 22 Sep 2005 15:08:15 -0500

Tom,
 
Thanx.  The VPN server sits on an internal network behind an Internet facing 
ISA 2000.
I need to use the web proxy of the ISA 2000 for our wireless clients.  These 
clients are anonymous and filtered with Surfcontrol -- Surfcontrol does not 
filter anonymous on ISA 2004.  Today, I reconfigured using the article 
"Configuring Remote Access VPN Servers in a Back to Back ISA Firewall 
Configuration".  The ISA 2000 web proxy was bypassed.
 
I can attach the AP to an internal network off the ISA 2004 -- no problems.  
Only see problems when attaching external of the ISA 2004.
 
Sent email to vendor regarding exact protocol.
 
TIA
 
greg
 

________________________________

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thu 9/22/2005 12:36 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publish a VPN server / ISA 2004



Hi Greg,
 
Ha! "hardware". Better check to see if he has an insurance policy for data 
loss :)
 
Check www.isaserver.org, I'm sure I did an article on publishing PPTP 
servers. Make sure the downstream ISA firewall terminating the VPN connection 
is a SecureNAT client of the upstream ISA firewall.
 
Oh, wait a minute, you're using a low security IPSec tunnel mode client. Ouch. 
You need to know exactly what protocols are being used by the vendor and how 
they match up with the RFC. The reason why MS went with L2TP/IPSec over IPSec 
tunnel mode is that they did not want to lock people into a proprietary 
implementation of IPSec tunnel mode, since it was NEVER designed for remote 
access VPN client connections.
 
/off sandbox.
 
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 


________________________________

        From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] 
        Sent: Thursday, September 22, 2005 12:31 PM
        To: [ISAserver.org Discussion List]
        Subject: Publish a VPN server / ISA 2004
        
        

        I'm looking for info to publish a VPN server behind ISA 2004.  When I 
        set up a rule to publish, the VPN client sees the server, but cannot 
        authenticate.  The vendor tech support prefers a hardware based 
        firewall.  How can I get around this?

        The VPN server is Aruba Wireless. It allows remote Access Point 
        anywhere on the Internet.  The AP tunnels back using IPSec, NAT-T.

        TIA

        greg 
