RE: gateway vpn how-to?

Dear Gary:
Thank you for posting here.

To answer the question: "When running thw ISA VPN wizards, which is the
local and which is the remote VPN?":

Suppose ISA1 is at officeA and ISA2 is at officeB. If you want to VPN from
officeA to officeB, which means officeA initiates the dial-in request, in
this situation ISA2 will be regarded as the Local VPN server and ISA1 will
be the Remote VPN server.
However, one thing I want to emphasize is that during the setup process in
"Local ISA VPN Wizard", on the Two-way Communication page, you will be
prompted whether both the local and remote ISA can initiate the
communication. If you check this option, you will be no more confused by
the different roles of two ISA servers. (Either the branch office and main
office can be the Local ISA VPN server with no difference)

I hope the above clarification addresses your concerns.

Here I assume that clients connected to ISA1 want to VPN into the network
connected to ISA2. You can do the following 2 steps:

1. Run the "Local ISA VPN Wizard" on ISA2 to make it a VPN server.

The Local ISA VPN Wizard sets up a local ISA VPN server which can receive
connections from a remote ISA VPN server. The wizard creates the
dial-on-demand interfaces required to receive connections from remote VPN
servers. It also configures the Internet Protocol (IP) packet filters
required to protect the connection. It creates IP packet filters, depending
on which protocol you select when running the VPN wizard. It also sets the
static routes to forward traffic from the local network to hosts on the
remote network via the tunnel.

As part of the process, the wizard also creates a VPN configuration
settings (.vpc) file, which will be used when setting up the remote ISA VPN
server.

For configuration instructions, refer to the following page:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
ol/isa/proddocs/isadocs/CMT_H_LocalVPN.asp

2. Run the "Remote ISA VPN Wizard" on ISA1 to make it auto-connect to ISA2.

The Remote ISA VPN Wizard sets up a remote ISA VPN server which initiates
connections to a local ISA VPN server. The wizard uses the .vpc file
created at step 1 to create the dial-on-demand interfaces that are required
to initiate connections to a specific local VPN server. It also configures
the IP packet filters required to protect the connection and sets the
static routes to forward traffic from the local network to hosts on the
remote network via the tunnel.

IP packet filters are created, depending on which protocol selected when
the file was created by the Local ISA VPN Wizard.

For configuration instructions, refer to the following page:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
ol/isa/proddocs/isadocs/CMT_H_RemoteVPN.asp

Here, I would like to provide the following documents:

Joining Networks over the Internet with a Gateway to Gateway VPN: ISA
Server to Windows 2000 RRAS - Part 1
http://www.isaserver.org/tutorials/g2gisa2rraspart1.html

Joining Networks over the Internet with a Gateway to Gateway VPN: ISA
Server to Windows 2000 RRAS - Part 2
http://www.isaserver.org/articles/g2gisa2rraspart2.html


Hope the above information helps, if you have any questions or concerns,
please feel free to let me know. I am glad to be of assistance.

Have a nice day, Gary! :)

Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "Gary Karasik" <gkarasik@xxxxxxx>
| Subject: gateway vpn how-to?
| Date: Fri, 12 Aug 2005 06:41:18 -0700
| Lines: 14
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
| X-RFC2646: Format=Flowed; Original
| Message-ID: <e8jNFO0nFHA.2080@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: 216.115.232.13
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:143691
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi,
|
| A client has SBS2K3 Premium in the main office (SBS/SP1/ISA 2000/SP2) and
a
| W2K/SP4/ISA2000/SP4 server in a branch office. Currently workstations in
the
| branch office connect via individual VPN connectors. I would like to set
up
| an ISA2000-based, gateway-to-gateway VPN connection between the two
offices.
| Can anyone point me to a how-to on this? I've found several entries at
| ISAServer.org, but they are confusing as hell. (When running thw ISA VPN
| wizards, which is the local and which is the remote VPN?) I need
something
| more step-by-step.
|
| GaryK
|
|
|

.

Relevant Pages

  • Re: gateway vpn how-to?
    ... if the Wizard changes RRAS, then they will no longer be able to log in. ... Can I do a gateway-gateway VPN using PPTP instead ... > Configuration, right click and choose "Set up Local ISA VPN Server", I am ... Do you want to install Routing and Remote Access?", ...
    (microsoft.public.windows.server.sbs)
  • Re: gateway vpn how-to?
    ... Configuration, right click and choose "Set up Local ISA VPN Server", I am ... Do you want to install Routing and Remote Access?", ... started before the Virtual Private Network (VPN) Setup Wizard can continue. ...
    (microsoft.public.windows.server.sbs)
  • Re: gateway vpn how-to?
    ... Routing and Remote Access?" ... "When running thw ISA VPN wizards, ... > local and which is the remote VPN?": ... > The Local ISA VPN Wizard sets up a local ISA VPN server which can receive ...
    (microsoft.public.windows.server.sbs)
  • VPN Problems after subnet change
    ... It seems that the ISA VPN does not want to pass the 255.255.0.0 subnet ... VPN to hand out 192.168.1.x IP's, which has allowed most remote users ... to be able to connect and browse the network via IP. ...
    (microsoft.public.isa)
  • Re: VPN Probleme
    ... > Ich habe es heute nocheinmal von extern versucht, der VPN Client die IP ... du hast in der ISA VPN Konfiguration gesagt, ... Hast Du denn auch einen DHCP Server im Einsatz und im Zugriff? ...
    (microsoft.public.de.german.isaserver)
Loading