RE: VPN on or through ISA better?

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 26 Mar 2004 09:34:59 -0600

Hi Rob,

In that case, terminate the VPN connection on the firewall.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: Rob Moore [mailto:RMoore@xxxxxxxx] 
Sent: Friday, March 26, 2004 9:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN on or through ISA better?


http://www.ISAserver.org

No. It just has one NIC on the internal network. Packets are passed
through our current firewall to the VPN server.

Rob

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Friday, March 26, 2004 10:25 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN on or through ISA better?

http://www.ISAserver.org

Hi Rob,

Is the VPN server a dual homed device with a NIC on the DMZ and a NIC on
the Internal network?

Thanks!
Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server:
http://tinyurl.com/1llp

 


-----Original Message-----
From: Rob Moore [mailto:RMoore@xxxxxxxx]
Sent: Friday, March 26, 2004 9:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] VPN on or through ISA better?


http://www.ISAserver.org

Hello--

I'd like to ask for some advice from all of you ISA gurus. I'm in the
final stages of putting my new ISA server into full production. I
currently have a Windows 2003-based VPN server behind my firewall
(PPTP-based, which I understand won't work with an ISA firewall). It
used to get a lot of action, but thanks to some network re-configuring
the VPN server now has typically about 10 clients attached at a given
time.

So my question is, do you think it's better to have the VPN clients
connect directly to the ISA server? Or would it be better to have the
VPN clients connect to a VPN server behind the firewall, like they do
now (migrating to L2TP/IPSEC)? I ask from two points of view: network
security-wise and firewall performance-wise. (We have a couple of
hundred users behind the firewall.)

Thanks,
Rob
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore, MCSE
Network Manager
American Friends Service Committee
215-241-7870
rmoore@xxxxxxxx

Our greatest glory is not in never failing but in rising every time we
fall.
                       --Confucius


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rmoore@xxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » VPN on or through ISA better?
• » RE: VPN on or through ISA better?
• » RE: VPN on or through ISA better?
• » RE: VPN on or through ISA better?

1. Home
2. isalist
3. Archive
4. 03-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---