Re: gateway vpn how-to?
- From: v-edtian@xxxxxxxxxxxxxxxxxxxx (Edward Tian)
- Date: Tue, 16 Aug 2005 09:29:48 GMT
Dear Gary:
Sorry for the delayed response. I have just finished my test.
To answer your first question:
After configuring the "Set up Local ISA VPN Server" wizard, your previous
setting will be reserved. You don't need to worry about it. PPTP connection
from remote user will still work perfectly.
I have just performed a test for you on this question and you can refer to
the following steps (which I performed in my own test), I recommend you
follow the steps:
1. From Start->Run, type "services.msc" (without quotation mark), stop the
Routing and Remote Access and set its startup type from Automatic to
Manual. After that, reboot the server. (This step is necessary)
2. After the reboot, open ISA management console, navigate to Servers and
Arrays\Computername\Network Configuration, right-click it and choose "Allow
VPN client connections", finish the configuration afterwards. The ISA
server now acts as a VPN server and remote user can log in the server using
PPTP connection. (The RRAS service will be started and properly configured
during the setup)
3. Then finish the remaining steps of "Set up Local ISA VPN Server" (As
mentioned in my previous reply).
4. At last, we will find that individual client from remote side can still
VPN to the ISA server without any difficulties.
Hope this clarifies your concern! :-)
Have a nice day!
Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Gary Karasik" <gkarasik@xxxxxxx>
| References: <e8jNFO0nFHA.2080@xxxxxxxxxxxxxxxxxxxx>
<fgPeNAXoFHA.940@xxxxxxxxxxxxxxxxxxxxx>
<#shrpTaoFHA.3256@xxxxxxxxxxxxxxxxxxxx>
<A8VGqOgoFHA.940@xxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: gateway vpn how-to?
| Date: Mon, 15 Aug 2005 19:25:06 -0700
| Lines: 306
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
| X-RFC2646: Format=Flowed; Original
| Message-ID: <ejCf4mgoFHA.2180@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: 216.115.232.13
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:144682
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Thank you, Edward, for your helpful reply.
|
| I have two additional questions:
|
| 1: When the wizard prompts to install and start RRAS, does it in fact
change
| the RRAS settings? I ask because I have clients that log into the server
| from their home workstations using PPTP connectoids, and I am concerned
that
| if the Wizard changes RRAS, then they will no longer be able to log in.
|
| 2: All the instructions for doing this say that I must use L2TP/IPSec and
| add a certificate server. Can I do a gateway-gateway VPN using PPTP
instead
| of L2TP/IPSec?
|
| GaryK
|
| "Edward Tian" <v-edtian@xxxxxxxxxxxxxxxxxxxx> wrote in message
| news:A8VGqOgoFHA.940@xxxxxxxxxxxxxxxxxxxxxxxx
| > Dear Gary:
| > Thank you for your quick reply! :)
| >
| > To answer:"How does ISA1 find the .VPC file created on ISA2? Do I
| > physically copy it from one machine to the other?"
| >
| > Yes, you are right. You can send a mail to another office with the file
| > attached.
| >
| > To answer your second question:
| >
| > This is a normal behavior, I have performed a research on my test
| > environment. When I open ISA management console, navigate to Network
| > Configuration, right click and choose "Set up Local ISA VPN Server", I
am
| > prompted that "Routing and Remote Access must be installed. Your current
| > settings will be lost. Do you want to install Routing and Remote
Access?",
| > after click yes, I am prompt "The Routing and Remote Access service
must
| > be
| > started before the Virtual Private Network (VPN) Setup Wizard can
| > continue.
| > Do you want to start the service?". Click Yes again, ISA will do the
| > corresponding setting to RRAS and then you can configure the following
| > settings according to the instruction.
| >
| > Hope it helps. If you have further concerns, please feel free to let me
| > know.
| >
| > Have a nice day!
| >
| > Best Regards
| > Edward Tian(MSFT)
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| > ======================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
| > the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
| > doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > ======================================================
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| > --------------------
| > | From: "Gary Karasik" <gkarasik@xxxxxxx>
| > | References: <e8jNFO0nFHA.2080@xxxxxxxxxxxxxxxxxxxx>
| > <fgPeNAXoFHA.940@xxxxxxxxxxxxxxxxxxxxx>
| > | Subject: Re: gateway vpn how-to?
| > | Date: Mon, 15 Aug 2005 07:23:30 -0700
| > | Lines: 165
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
| > | X-RFC2646: Format=Flowed; Original
| > | Message-ID: <#shrpTaoFHA.3256@xxxxxxxxxxxxxxxxxxxx>
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: 216.115.232.13
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:144466
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | On ISA2, when I clidk on "Configure a Local Virtual Private
| > Network/VPN,"
| > I
| > | get a warning dialog that says, "Routing and Remote Access must be
| > | installed. Your current settings will be lost. Do you want to install
| > | Routing and Remote Access?"
| > |
| > | But RRAS is already installed.
| > |
| > | GaryK
| > |
| > | "Edward Tian" <v-edtian@xxxxxxxxxxxxxxxxxxxx> wrote in message
| > | news:fgPeNAXoFHA.940@xxxxxxxxxxxxxxxxxxxxxxxx
| > | > Dear Gary:
| > | > Thank you for posting here.
| > | >
| > | > To answer the question: "When running thw ISA VPN wizards, which is
| > the
| > | > local and which is the remote VPN?":
| > | >
| > | > Suppose ISA1 is at officeA and ISA2 is at officeB. If you want to
VPN
| > from
| > | > officeA to officeB, which means officeA initiates the dial-in
request,
| > in
| > | > this situation ISA2 will be regarded as the Local VPN server and
ISA1
| > will
| > | > be the Remote VPN server.
| > | > However, one thing I want to emphasize is that during the setup
| > process
| > in
| > | > "Local ISA VPN Wizard", on the Two-way Communication page, you will
be
| > | > prompted whether both the local and remote ISA can initiate the
| > | > communication. If you check this option, you will be no more
confused
| > by
| > | > the different roles of two ISA servers. (Either the branch office
and
| > main
| > | > office can be the Local ISA VPN server with no difference)
| > | >
| > | > I hope the above clarification addresses your concerns.
| > | >
| > | > Here I assume that clients connected to ISA1 want to VPN into the
| > network
| > | > connected to ISA2. You can do the following 2 steps:
| > | >
| > | > 1. Run the "Local ISA VPN Wizard" on ISA2 to make it a VPN server.
| > | >
| > | > The Local ISA VPN Wizard sets up a local ISA VPN server which can
| > receive
| > | > connections from a remote ISA VPN server. The wizard creates the
| > | > dial-on-demand interfaces required to receive connections from
remote
| > VPN
| > | > servers. It also configures the Internet Protocol (IP) packet
filters
| > | > required to protect the connection. It creates IP packet filters,
| > | > depending
| > | > on which protocol you select when running the VPN wizard. It also
sets
| > the
| > | > static routes to forward traffic from the local network to hosts on
| > the
| > | > remote network via the tunnel.
| > | >
| > | > As part of the process, the wizard also creates a VPN configuration
| > | > settings (.vpc) file, which will be used when setting up the remote
| > ISA
| > | > VPN
| > | > server.
| > | >
| > | > For configuration instructions, refer to the following page:
| > | >
| > | >
| >
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
| > | > ol/isa/proddocs/isadocs/CMT_H_LocalVPN.asp
| > | >
| > | > 2. Run the "Remote ISA VPN Wizard" on ISA1 to make it auto-connect
to
| > | > ISA2.
| > | >
| > | > The Remote ISA VPN Wizard sets up a remote ISA VPN server which
| > initiates
| > | > connections to a local ISA VPN server. The wizard uses the .vpc file
| > | > created at step 1 to create the dial-on-demand interfaces that are
| > | > required
| > | > to initiate connections to a specific local VPN server. It also
| > configures
| > | > the IP packet filters required to protect the connection and sets
the
| > | > static routes to forward traffic from the local network to hosts on
| > the
| > | > remote network via the tunnel.
| > | >
| > | > IP packet filters are created, depending on which protocol selected
| > when
| > | > the file was created by the Local ISA VPN Wizard.
| > | >
| > | > For configuration instructions, refer to the following page:
| > | >
| > | >
| >
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
| > | > ol/isa/proddocs/isadocs/CMT_H_RemoteVPN.asp
| > | >
| > | > Here, I would like to provide the following documents:
| > | >
| > | > Joining Networks over the Internet with a Gateway to Gateway VPN:
ISA
| > | > Server to Windows 2000 RRAS - Part 1
| > | > http://www.isaserver.org/tutorials/g2gisa2rraspart1.html
| > | >
| > | > Joining Networks over the Internet with a Gateway to Gateway VPN:
ISA
| > | > Server to Windows 2000 RRAS - Part 2
| > | > http://www.isaserver.org/articles/g2gisa2rraspart2.html
| > | >
| > | >
| > | > Hope the above information helps, if you have any questions or
| > concerns,
| > | > please feel free to let me know. I am glad to be of assistance.
| > | >
| > | > Have a nice day, Gary! :)
| > | >
| > | > Best Regards
| > | > Edward Tian(MSFT)
| > | > Microsoft CSS Online Newsgroup Support
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | > ======================================================
| > | > This newsgroup only focuses on SBS technical issues. If you have
| > issues
| > | > regarding other Microsoft products, you'd better post in the
| > corresponding
| > | > newsgroups so that they can be resolved in an efficient and timely
| > manner.
| > | > You can locate the newsgroup here:
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | >
| > | > When opening a new thread via the web interface, we recommend you
| > check
| > | > the
| > | > "Notify me of replies" box to receive e-mail notifications when
there
| > are
| > | > any updates in your thread. When responding to posts via your
| > newsreader,
| > | > please "Reply to Group" so that others may learn and benefit from
your
| > | > issue.
| > | >
| > | > Microsoft engineers can only focus on one issue per thread.
Although
| > we
| > | > provide other information for your reference, we recommend you post
| > | > different incidents in different threads to keep the thread clean.
In
| > | > doing
| > | > so, it will ensure your issues are resolved in a timely manner.
| > | >
| > | > For urgent issues, you may want to contact Microsoft CSS directly.
| > Please
| > | > check http://support.microsoft.com for regional support phone
numbers.
| > | >
| > | > Any input or comments in this thread are highly appreciated.
| > | > ======================================================
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > | > rights.
| > | >
| > | > --------------------
| > | > | From: "Gary Karasik" <gkarasik@xxxxxxx>
| > | > | Subject: gateway vpn how-to?
| > | > | Date: Fri, 12 Aug 2005 06:41:18 -0700
| > | > | Lines: 14
| > | > | X-Priority: 3
| > | > | X-MSMail-Priority: Normal
| > | > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
| > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
| > | > | X-RFC2646: Format=Flowed; Original
| > | > | Message-ID: <e8jNFO0nFHA.2080@xxxxxxxxxxxxxxxxxxxx>
| > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | NNTP-Posting-Host: 216.115.232.13
| > | > | Path:
| > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
| > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.windows.server.sbs:143691
| > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > |
| > | > | Hi,
| > | > |
| > | > | A client has SBS2K3 Premium in the main office (SBS/SP1/ISA
| > 2000/SP2)
| > | > and
| > | > a
| > | > | W2K/SP4/ISA2000/SP4 server in a branch office. Currently
| > workstations
| > in
| > | > the
| > | > | branch office connect via individual VPN connectors. I would like
to
| > set
| > | > up
| > | > | an ISA2000-based, gateway-to-gateway VPN connection between the
two
| > | > offices.
| > | > | Can anyone point me to a how-to on this? I've found several
entries
| > at
| > | > | ISAServer.org, but they are confusing as hell. (When running thw
ISA
| > VPN
| > | > | wizards, which is the local and which is the remote VPN?) I need
| > | > something
| > | > | more step-by-step.
| > | > |
| > | > | GaryK
| > | > |
| > | > |
| > | > |
| > | >
| > |
| > |
| > |
| >
|
|
|
.
- Follow-Ups:
- Re: gateway vpn how-to?
- From: Gary Karasik
- Re: gateway vpn how-to?
- References:
- gateway vpn how-to?
- From: Gary Karasik
- RE: gateway vpn how-to?
- From: Edward Tian
- Re: gateway vpn how-to?
- From: Gary Karasik
- Re: gateway vpn how-to?
- From: Edward Tian
- Re: gateway vpn how-to?
- From: Gary Karasik
- gateway vpn how-to?
- Prev by Date: Re: SBS 2003 looping
- Next by Date: Re: Error backing up the Registry
- Previous by thread: Re: gateway vpn how-to?
- Next by thread: Re: gateway vpn how-to?
- Index(es):
Relevant Pages
|
