Re: VPN Configuration Issues

From: Nathan B [MSFT] (nbigman_at_online.microsoft.com)
Date: 01/16/05 

Date: Sun, 16 Jan 2005 12:25:29 +0200

For a start, there are some examples of firewall policies in the document
"Site to Site VPN in ISA Server 2004". The document is available on the ISA
Server Guidance Page
(http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp_) under
"VPN". 

-- 
Nathan Bigman
ISA Server Product Team
Please do not send email directly to this alias. This alias is for newsgroup 
purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.
"gtmtnbiker98" <gtmtnbiker98@discussions.microsoft.com> wrote in message 
news:98F24FB6-3800-4DDF-83E7-A93A28E876CC@microsoft.com...
> Hello:
>
> I'm new to ISA Server 2004 and after installing the application, 
> everything
> appears to be going smooth.  However, I am experiencing difficulty
> configuring my VPN setup.
>
> First thing, I can reliably establish a VPN connection with the server -
> receiving accurate DHCP information from the ISA Server. But, I cannot 
> access
> anything beyond the initial connection. I realize that I have to create
> firewall rules to enable internal connectivity; however, I am unsure as to
> how I may accomplish this task without jeopardizing my network security.
>
> I am seeking a VPN connection that will afford the ability to browse
> internal network shares, connect to our Exchange Server for Exchange mail 
> and
> calendar access and to be able to establish RDP connections to my network
> servers for remote server management.
>
> Question: What rules must I configure to accomplish this? My network is a
> dual homed network consisting of an internal network protected by a 
> perimeter
> ISA Server 2004 firewall. I have configured a VPN Users group in Active
> Directory and as previously stated, I can reliably connect to the server.
>
> Any help would be appreciated.
>
> Thanks.
>

Relevant Pages

  • Re: [Full-disclosure] Remote Desktop Command Fixation Attacks
    ... This set of steps is redundant in many places, and it's also enormously expensive, since you're using no less than three different expensive bits of networking hardware (AP, PIX, VPN Concentrator), in addition to a bunch of x86 server hardware, windows server licenses, and at least one ISA license. ... Your computers necessarily don't have full access to your network infrastructure when they aren't logged on, so GPOs, software updates, etc can't be applied at the times you want them to be applied. ... Turning on, enabling, and implementing every possible security setting and device you think of is not defence in depth, and will probably only have two effects - your users won't use your wireless network, and you'll burn so much cash you won't have any left to spend on *useful* security measures. ...
    (Full-Disclosure)
  • Re: VPN with SBS 2003 (not R2) and DSL.
    ... Reading property value for VPN returned OK ... Reading VPN Server Name returned OK ... identical network cards. ... it seems doubtful that SBS will work properly with two NICs ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA 2006 Basic Configuration
    ... Troubleshooting Client Authentication on Access Rules in ISA Server 2004 ... Microsoft Internet Security & Acceleration Server: ... Microsoft ISA Server Partners: Partner Hardware Solutions ... The routing table for the network adapter Internal ...
    (microsoft.public.isa.configuration)
  • Re: ISA 2006 Basic Configuration
    ... Does the AD/DNS Server have the ISP's DNS properly configured as a Forwarder? ... Microsoft Internet Security & Acceleration Server: ... Microsoft ISA Server Partners: Partner Hardware Solutions ... The routing table for the network adapter Internal includes IP address ranges that are not defined in the array-level network Internal, ...
    (microsoft.public.isa.configuration)
  • Re: VPN clients unable to connect to other resources.
    ... on the SBS 2003 server just not sure where to go for help on it. ... Next time I'm at my home PC, I'll VPN in and see what IP info I'm getting ... client PC on your LAN, you should be able to do so from a remote VPN client, ... get the network path was not found. ...
    (microsoft.public.windows.server.sbs)
Loading