RE: Standalone ISA Server and VPN
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sat, 19 Apr 2003 12:18:59 -0500
Hi Thierry,
Good to hear you got it working. Just remember that this will only work
for your VPN connections, it won't work for inbound or outbound access
control authentication.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Terzano, Thierry [mailto:Thierry.Terzano@xxxxxxxxxxxxxxxx]
Sent: Thursday, April 17, 2003 2:58 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Standalone ISA Server and VPN
http://www.ISAserver.org
Hi the list,
Here we are: IT WORKS! and well!!!
So, if you are in the same situation than me, don't hesitate: install an
IAS on a secured server of your domain, configure it, and so, precise to
your ISA/VPN server that it has from now to communicate (for VPN
communication) via RADIUS and with your IAS server. It will be now your
IAS server that will perform the authentication and authorisation work.
Your VPN allowed users can now connect from outside via VPN using their
domain account.
What is great is that your ISA server isn't joined to your corporate
domain, so no explicit connection information for attacks.
Here is the doc you can download about IAS:
http://www.microsoft.com/windows2000/techinfo/howitworks/communications/
remoteaccess/ias.asp
Thanks again to Tom for the information to start my search.
Regards
;o) Thierry ;o)
-----Original Message-----
From: Terzano, Thierry
Sent: Wednesday, 16 April 2003 10:16
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Standalone ISA Server and VPN
http://www.ISAserver.org
It could be great, but I don't want to join my firewall to my corporate
domain...
That's why my question.
Tom thinks RADIUS could be a solution (thanks again), so I'm going to
invest... and tell to IsaList after if interested.
But if someone finds something else... welcome.
Thierry
-----Original Message-----
From: Mohammed Irfanullah [mailto:mirfan@xxxxxxxxxxx]
Sent: Wednesday, 16 April 2003 07:41
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Standalone ISA Server and VPN
http://www.ISAserver.org
Hi there
Your solution for the below problem is just you join this ISA server to
your Corporate domain and login with one of your login id on corporate
network
But first you have to make one group in this isa server and give rights
to use this computer and then make all users of coporate network as a
members of this group so when ever you get prompted to user name and
password it will authenticate with either server or the group you assign
in isa for authentication. And allowing access for VPN in RRAS
Hope you find it
Bye
Mohammed Irfanullah
Network Administrator
Aljol Information Technology
Poxt Box. 86
Alkhobar-31952
K.S.A.
Tel: +966-3-8894551 / 4552
Mobile :- +966 52869157
Fax: +966-3-8894542
Email :- mik228@xxxxxxxxxxx
mik228@xxxxxxxxx
-----Original Message-----
From: Terzano, Thierry [mailto:Thierry.Terzano@xxxxxxxxxxxxxxxx]
Sent: Tuesday, April 15, 2003 5:16 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Standalone ISA Server and VPN
http://www.ISAserver.org
Hi Tom,
So, when I posted my question, I already performed the VPN connection
between my both ISA firewalls and they were in stand-alone mode. So
you're right, it's possible ;o))) I'm joking...
So, now, I studied your answer for the RADIUS and RRAS policy, but I
didn't really find what I'm looking for, that is: to be enable to
connect from internet to my corporate network with my domain account.
for example, I'm on the net, I just create a VPN connection on my
machine to the IP address aaa.bbb.ccc.ddd, and open it.
A popup appears asking me login/password. And that's here that I want to
fill in my domain account information (that exists on my corporate
domain protected by my ISA server).
But as my ISA server acting as a firewall isn't joined in my corporate
domain, but is in a stand-alone mode, it doesn't know this domain
account...... and here, I'm ... heu... lost.
Do you (or anybody else) know how to solve my problem?
Thanks
Thierry
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, 15 April 2003 01:55
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Standalone ISA Server and VPN
http://www.ISAserver.org
Hi Thierry,
For VPN, you don't need to join the servers to the domain, since you can
use RADIUS for authentication and RRAS policy.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Terzano, Thierry [mailto:Thierry.Terzano@xxxxxxxxxxxxxxxx]
Sent: Monday, April 14, 2003 1:46 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Standalone ISA Server and VPN
http://www.ISAserver.org
Hi the list,
I have a Windows 2000 domain geographically divided by 2 sites, but with
the same domain name TOTO.COM and connected each other by VPN, as I have
an ISA server in each sites.
My 2 ISA servers aren't joined to my domain, they are configured to work
on standalone mode.
Now, I'd like that my TOTO.COM domain users will be able to connect
themselves from outside to my network via VPN.
Does anybody knows what I have to configure and how to provide them such
"feature"?
Thanks
Thierry
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
thierry.terzano@xxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mirfan@xxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
thierry.terzano@xxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
thierry.terzano@xxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
