Re: Configuring ISA 2004 VPN behind a sonicwall

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Thanks Phillip,
If you preach ISA, then how can one prove the vulnerability of Windows OS
that ISA sits on. Number 2, would you suggest I use PPTP or L2TP/IPSec.?

Anyway, I have successfully implemented my scenario using PPTP but want to
change to L2TP/IPSec but need to research if Sonicwall has L2TP/IPSec
VPN-Passthrough.

I have heard that ISA is a better product but need to prove it. Would you
please help me with any link to substantiate the triumph of ISA over other
VPN Concentrators?

Cheers

"Phillip Windell" wrote:

Ain't gonna happen (with the sonicwall being the VPN device).
What you have is a Back-to-Back DMZ between the ISA and the
sonicwall,...currently the VPN users are simply VPN'ing into and becoming
part of the DMZ which is pretty much useless.

ISA needs to *be* the VPN Server,...not the sonicwall. The sonicwall needs
to have the ability often refered to as "VPN-Passthrough" to relay the
actual Tunnel itself back to the ISA so that the Tunnel terminates on the
ISA instead of on the sonicwall as it is now. I have no idea if sonicwall
has that ability.

This is why I am always preaching againt DMZs. They usually cause more harm
than good and keep the "admins" out more often than they do "hackers". I
would have simply replaced the sonicwall with the ISA, maintaining the same
Topology, and been done with it. ISA is a better product anyway.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------


"S.O.J GreatGuy" <SOJGreatGuy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:35E4F276-3493-432B-AD23-F6CEC9B0A5A3@xxxxxxxxxxxxxxxx
Presently I have Remote Access VPN clients authenticated by a sonicwall.
Also I have a site-to-site VPN from Head Office to a branch authenticated
by
ISA 2004 which is behind the sonicwall. Now I want to configure this ISA
to
also autheticate Remote Access VPN Clients. I have gone through the wizard
and some other tips on how to to this and it appears that ISA is
configured
and now ready. I tested this Remote Access from windows XP and it failed
with
error 800. Just wondering if I need to change anything(like allowing PPTP)
on
the sonicwall firewall.

Can anyone be of help please?

Thanks in advance



.

Relevant Pages

  • Re: Switching IP address ranges
    ... ISA Server performs deep inspection of Internet ... inspection of all VPN traffic. ... Forth just because SBS is cheap it does not mean is bad. ... I used to believe on solid state firewalls (which SonicWall is not) but they ...
    (microsoft.public.windows.server.sbs)
  • Re: Unable to make VPN connection to ISA 2006 Standard
    ... Router and the isa server this nat enabled, then the pptp tunnel will fail? ... If i initialize an vpn connection with a windows client, ...
    (microsoft.public.isa.vpn)
  • Re: Unable to make VPN connection to ISA 2006 Standard
    ... VPN client and the ISA. ... The PPTP filter will drop PPTP connections *any time* the PPTP VPN protocol ...
    (microsoft.public.isa.vpn)
  • Re: Bizzare ISA2004 VPN Issues, Please help
    ... If you use the Server Publish rule to publish an internal PPTP server to the internet, a socket on TCP 1723 port of ISA external ... you could still setup PPTP server on ISA and let it listen on TCP 1723. ... | - I disabled VPN client access from within ISA2004. ...
    (microsoft.public.isa)
  • Watchguard 6ct and SBS 2000
    ... I had them running a PPTP VPN to the main office and then ... the inbound email is not working. ... (External ISA) ...
    (microsoft.public.backoffice.smallbiz2000)