Re: Valid scenario for ISA 2004 Site to Site Deployment?



Woo Hoo!

I got it working using RRAS on the hosted server by using a Demand Dial
connection back to the FQDN of the corpnet. I made this a persistent
connection like you described. In the Advanced TCP/IP properties for that
connection I set it to update "Register this connection's address in DNS"
which is working well. I think a big key was removing the DD interface on
the ISA / RRAS server which was creating too much confusion for me. Maybe
it can be done that way but this will work just fine.

I can ping all machines on the corpnet from the hosted server while
connected, but I cannot ping the hosted server from any machine in the LAN
except from the ISA / RRAS server where the hosted server is connected over
VPN. I thought I'd do some further testing and come to find out I can't
ping any client that is VPN'd into the corpnet, except again from that ISA /
RRAS server.

I should be able to crack this one now that I got the server connected - thx
for the help and assurance!

Gaylen


"Gaylen Michael" <gaylen_nadaspam_michael@xxxxxxxxxxx> wrote in message
news:epfY3rAwGHA.3392@xxxxxxxxxxxxxxxxxxxxxxx
You don't mean a standard DUN VPN connectoid though right? I have created
that already for the server and that's what I used to VPN into the domain
when I added the machine to the domain, however there's no way for me to
keep that connection alive after logging out of the RDP session...no way I
know of at least.

You mean a RRAS VPN but not a Dial on Demand connection right?

Is there anything I need to do on my RRAS / ISA server on the corpnet, or
is it set to go already?

Thx Much

Gaylen

"Phillip Windell" <@.> wrote in message
news:OplnB0%23vGHA.1512@xxxxxxxxxxxxxxxxxxxxxxx
"Gaylen Michael" <gaylen_nadaspam_michael@xxxxxxxxxxx> wrote in message
news:%23kdd4Q9vGHA.3392@xxxxxxxxxxxxxxxxxxxxxxx
All I want to do is keep a VPN or IPSec (whatever it takes, even ISA 2004 if
need be) connection between our domain network and that hosted server alive
so that we can manage that server in the hosted environment using the same
GPO's and AD accounts. I have already added the hosted server to the
corpnet domain. It would be great if it would only dial on demand when a
request was made for that netbios or fqdn of the hosted server from the corp
net but I'd be content with an "always on" connection too if that's what it
takes.

On our corpnet we are using RRAS (for inbound VPN clients) and ISA 2004 on
the same box which has a NIC going to the DMZ and an internal NIC to our
corpnet.

If ISA is on the same box, then you are using ISA because ISA "takes
over" RRAS and RRAS is now under the control of ISA.
Use RRAS on the Hosted Server to "dial-back" into your LAN as a VPN
Client. Note*,..this is a Remote Access VPN, not a Site-to-Site VPN.

We ran our webserver this way for years. It was remotely located at the
ISP's building. It dialed-back into our LAN using the local copy of RRAS.
The connection in RRAS was set to "persistent". We then could directly
copy files to and from the server,...use VPN,..and also could use an FTP
Client to upload to the website and could be sure that the "clear text"
method of FTP was protected inside the VPN tunnel.

We also have a remote office in the State Capitol building across from
the governor's office in which the desktop machine there uses the same
method other than it is just the DUN instead of RRAS and is not a
persistent connection. But there is a "human" there to reactivate the
connection if they need to so it doesn't need to be persistent.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com