Re: Best way to connect remote windows 2003 server to main office
- From: Ryan <Ryan@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 7 Dec 2007 14:25:00 -0800
Phillip,
Thank you for the response, your explanation puts my mind at ease when
disabling the firewall service to enable RRAS. I am unfamiliar with
utilizing/depending on the windows firewall, normally use an appliance or
ISA. One other question, after unbinding the services you listed below from
the NIC would it provide better security if I also set IP Filtering on for
TCP/IP to only accept traffic from the external interface of my ISA server?
Thanks,
Ryan
"Phillip Windell" wrote:
Use RRAS to create a Remote Access Connection (not site-to-site). The dialup
interface in RRAS will let you specify it as "persistent".
The Windows Firewall is no big deal. The Firewall Protects by not letting
things be available that the OS is trying to make available,...but if the OS
isn't trying to make something available that should not be available then
there is nothing for the Firewall to protect in the first place. Moral of
the story,...don't have services running on the box that you don't want
people to connect to. In the Properties of the NIC uncheck (unbind) F&P
Sharing, Client for MS Networks, QoS, etc. Just leave TCP/IP enabled and
that is all.
Get RRAS to dial the persistent connection. Use either PPTP or L2TP,..do not
use IPSec. Make sure ISA has the Access Rules in place to handle the
traffic to/from that server. From ISA's perspective this is just a Remote
Access VPN User.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
"Ryan" <Ryan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D7A0C5EC-4BEA-48EB-AF97-64C998F112AB@xxxxxxxxxxxxxxxx
Our main office runs ISA 2004 SP2 on Server 2003 Standard SP2 behind a Cisco
router.
We are leasing an offsite Windows Server 2003 Standard SP2 to replicate our
data for DR purposes. Under the current budget we can only afford a single
server and can not afford a device to run the VPN connection back to our main
office ISA server. My question is what is the most secure and reliable setup
with this configuration?
Would I enable RRAS on the remote server and setup a demand dial interface
with L2TP VPN back to our main office ISA server? The remote server has a
single NIC with 3 public IP's configured. If I enable RRAS I have to then
disable the Windows Firewall/ICS service, and I lose my software firewall.
What do I do to protect this server? In past setups I've only configured a
site to site connection to another ISA server or VPN appliance such as a
SonicWall or PIX.
My other thought was to keep the Windows Firewall in place and use the PPTP
client that I've setup for all remote users to connect the server. This seems
a little hokey, and also I'm not sure how I would keep a persistent
connection? Thanks in advance for your advice.
Ryan