VPN gw-to-gw ISA and w2k/RRAS

  • From: Morvan <mmuller@xxxxxxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Mon, 09 Aug 2004 19:39:06 -0300

Hello!

I have a VPN gateway-to-gateway network:
ISA2k on a win2k box + RRAS (on-demand VPN) with another remote w2k/RRAS
(on-demand VPN) box (without ISA). It's working.
On ISA I only create a PPTP call out packet filter rule to the remote VPN
server pub IP.
In the LAT, I have only my local private IP ranges, not the remote VPN
private IPs.

It's an environment where I don't completely trust the remote VPN side (like
an extranet). I want only my network users to open connections to the
remote VPN (TCP/SYN=1), and the remote VPN to only respond to these
connections, but not open new connections.
I do it by creating filters on my local inbound RRAS/on-demand VPN interface,
filtering the TCP/SYN. However, I have problems with protocols like FTP,
H.323 and others that negotiate dynamic ports.
ISA has application filters for some of these protocols, like FTP. But in
my understanding ISA doesn't see the VPN traffic, so I cannot take advantage
of such application filters. Is that right?

I'm a little confused about how ISA is integrated with RRAS/VPN. If
someone can suggest docs with references about this, thanks!


Morvan.
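
Added example, not part of the original post: a small Python model of why a stateless "drop inbound SYN" rule on the VPN interface breaks active-mode FTP, and of what a protocol-aware filter adds. It is a generic model, not ISA's or RRAS's implementation; the addresses, class and function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample addresses: a LAN client and an FTP server behind the remote VPN.
CLIENT, SERVER = "192.168.1.10", "10.20.0.5"

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    ack: bool

def stateless_inbound_allows(seg):
    """Rule from the post: drop inbound segments that open a connection (SYN without ACK)."""
    return not (seg.syn and not seg.ack)

PORT_RE = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n?$")

def parse_port_command(line):
    """Return the (ip, port) an FTP PORT command advertises, or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

class FtpAwareFilter:
    """Same SYN rule, plus one-shot pinholes learned from outbound control traffic."""
    def __init__(self):
        self.pinholes = set()  # (server_ip, client_ip, client_port)

    def outbound_control(self, client_ip, server_ip, line):
        adv = parse_port_command(line)
        # Only honour a PORT naming the sender's own address and an unprivileged port.
        if adv and adv[0] == client_ip and adv[1] >= 1024:
            self.pinholes.add((server_ip, adv[0], adv[1]))

    def inbound_allows(self, seg):
        if stateless_inbound_allows(seg):
            return True
        key = (seg.src, seg.dst, seg.dport)
        if key in self.pinholes:
            self.pinholes.discard(key)  # pinhole is consumed by the first SYN
            return True
        return False
```

In passive mode the client opens the data connection itself, so the only inbound segment is a SYN+ACK and the stateless rule already passes it.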

