Hi Rob, In that case, terminate the VPN connection on the firewall. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Rob Moore [mailto:RMoore@xxxxxxxx] Sent: Friday, March 26, 2004 9:32 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN on or through ISA better? http://www.ISAserver.org No. It just has one NIC on the internal network. Packets are passed through our current firewall to the VPN server. Rob -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Friday, March 26, 2004 10:25 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN on or through ISA better? http://www.ISAserver.org Hi Rob, Is the VPN server a dual homed device with a NIC on the DMZ and a NIC on the Internal network? Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Rob Moore [mailto:RMoore@xxxxxxxx] Sent: Friday, March 26, 2004 9:19 AM To: [ISAserver.org Discussion List] Subject: [isalist] VPN on or through ISA better? http://www.ISAserver.org Hello-- I'd like to ask for some advice from all of you ISA gurus. I'm in the final stages of putting my new ISA server into full production. I currently have a Windows 2003-based VPN server behind my firewall (PPTP-based, which I understand won't work with an ISA firewall). It used to get a lot of action, but thanks to some network re-configuring the VPN server now has typically about 10 clients attached at a given time. So my question is, do you think it's better to have the VPN clients connect directly to the ISA server? Or would it be better to have the VPN clients connect to a VPN server behind the firewall, like they do now (migrating to L2TP/IPSEC)? I ask from two points of view: network security-wise and firewall performance-wise. (We have a couple of hundred users behind the firewall.) Thanks, Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rob Moore, MCSE Network Manager American Friends Service Committee 215-241-7870 rmoore@xxxxxxxx Our greatest glory is not in never failing but in rising every time we fall. --Confucius ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rmoore@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')