RE: Configuring ISA Server 2006 for Internal Cisco VPN Clients
- From: ElMajdal <ElMajdal@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 19 Jul 2007 16:34:02 -0700
Will be waiting for your reply.
And to have a clear point about the different ISA Server client types, read
the following:
The SecureNET (SecureNAT) client
A SecureNET client is a machine configured
with a default gateway address that allows Internet bound requests to pass
through the ISA Firewall. If the SecureNET client is located on the same
subnet of the ISA Firewall, then the default gateway address will be the IP
address of the ISA Firewall’s interface on the same network ID as the client.
If the clients are on a remote subnet from the ISA Firewall, then the IP
address will be a router interface address that will route outbound
requests through the ISA Firewall. While the “official” name in the ISA
Firewall documentation is SecureNAT client, it is more accurately referred to
as a SecureNET client because the Network Rule defining the connection
between a source and destination network does not have to be a NAT
relationship; it could be a Route relationship.
The Firewall Client
The Firewall client is a piece of software that must be
installed on the client operating systems (the Firewall client should not be
installed on server operating systems and never on the ISA Firewall itself).
The Firewall client is a generic Winsock proxy client that intercepts Winsock
application network calls and forwards them (remotes them) directly to the
ISA Firewall. This enables the Firewall client to be transparent to the
network routing infrastructure and does not depend on default gateway or
route of last resort configuration on network routers. The only network
infrastructure requirement is that the clients have a route to the IP address
of the ISA Firewall closest to the client. The Firewall client also enables
user authentication for access control and supports secondary connections for
complex protocols when there is no Application Filter to provide that
support. In contrast, SecureNET clients must have an Application Filter in
place to support complex protocols that may require multiple primary and
secondary connections.
The Web Proxy client
The Web proxy client is a machine that has its browser
configured to use the ISA Firewall as its Web proxy device. Browser
configuration can be done manually, or can be automated using the WPAD
protocol and WPAD entries in DHCP and/or DNS. The Web proxy client
configuration supports only HTTP, HTTPS, and HTTP tunneled FTP requests and
does not support FTP upload, only FTP download. Web proxy clients can
authenticate with the ISA Firewall, in contrast to SecureNET clients, which
cannot authenticate with the ISA Firewall.
Source:
http://www.isaserver.org/tutorials/Definitive-Guide-ISA-Firewall-Outbound-DNS-Scenarios-Part2.html
--
_____________________________
Tarek Majdalani
Computer Engineer, CIW, MCSA: Security 2000/2003, TS: Windows Vista
MVP -- ISA Firewalls
Website : http://www.elmajdal.net/ISAServer
"y2kdad" wrote:
"ElMajdal" wrote:
Hi,
Create a new rule:
Allow > IKE Client & IPSec NAT-T Client > From Internal > To External > All
Users
Make sure to configure your client as SecureNAT.
HTH,
Tarek
"y2kdad" wrote:
We sometimes have vendors onsite that connect to our LAN with their laptops.
They all have Cisco VPN clients installed to connect to their corporate
offices.
Does anyone know how to configure ISA 2006 to allow Cisco VPN clients to
connect to external VPN servers? I was told that ISA cannot do this, but I'm
sure there must be a way.
Thanks in advance!
Thanks for the help! I'll try it and let you know. Also, how do I make sure
these clients are configured as SecureNAT?
Thanks!