Re: Valid scenario for ISA 2004 Site to Site Deployment?
- From: "Gaylen Michael" <gaylen_nadaspam_michael@xxxxxxxxxxx>
- Date: Mon, 14 Aug 2006 20:34:34 -0500
You don't mean a standard DUN VPN connectoid though right? I have created
that already for the server and that's what I used to VPN into the domain
when I added the machine to the domain, however there's no way for me to
keep that connection alive after logging out of the RDP session...no way I
know of at least.
You mean a RRAS VPN but not a Dial on Demand connection right?
Is there anything I need to do on my RRAS / ISA server on the corpnet, or is
it set to go already?
Thx Much
Gaylen
"Phillip Windell" <@.> wrote in message
news:OplnB0%23vGHA.1512@xxxxxxxxxxxxxxxxxxxxxxx
"Gaylen Michael" <gaylen_nadaspam_michael@xxxxxxxxxxx> wrote in message
news:%23kdd4Q9vGHA.3392@xxxxxxxxxxxxxxxxxxxxxxx
All I want to do is keep a VPN or IPSec (whatever it takes, even ISA 2004 if
need be) connection between our domain network and that hosted server alive
so that we can manage that server in the hosted environment using the same
GPO's and AD accounts. I have already added the hosted server to the
corpnet domain. It would be great if it would only dial on demand when a
request was made for that netbios or fqdn of the hosted server from the corp
net but I'd be content with an "always on" connection too if that's what it
takes.
On our corpnet we are using RRAS (for inbound VPN clients) and ISA 2004 on
the same box which has a NIC going to the DMZ and an internal NIC to our
corpnet.
If ISA is on the same box, then you are using ISA because ISA "takes over"
RRAS and RRAS is now under the control of ISA.
Use RRAS on the Hosted Server to "dial-back" into your LAN as a VPN
Client. Note*,..this is a Remote Access VPN, not a Site-to-Site VPN.
We ran our webserver this way for years. It was remotely located at the
ISP's building. It dialed-back into our LAN using the local copy of RRAS.
The connection in RRAS was set to "persistent". We then could directly
copy files to and from the server,...use VPN,..and also could use an FTP
Client to upload to the website and could be sure that the "clear text"
method of FTP was protected inside the VPN tunnel.
We also have a remote office in the State Capitol building across from the
governor's office in which the desktop machine there uses the same method
other than it is just the DUN instead of RRAS and is not a persistent
connection. But there is a "human" there to reactivate the connection if
they need to so it doesn't need to be persistent.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------