Re: Outward VPN

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

OK, I just spoke to the other golfers and I'm in a REALLY BAD MOOD, they
didn't wait, STUFF 'EM.

I've always (well, always in this case is the very few sites I have that
require it) raised the forest functional level to allow IP to be assigned to
the user name, SO:

OHH, and please note: I'm doing this from memory, memory of rare
circumstances.

1st we create a user for the VPN. This is one of those 'let's do bad things'
moments, we don't want a 'full sbs user', we simply want an account that can
dial in. So I don't use the wizard, instead going to ADUC and creating a
user there, no mailbox, no personal folder, no groups, no permissions except
'dialin'. On the dialin tab of the user properties there is an option to
'assign IP to user' (or similar), the HELP for this item describes the
necessary change to the forest functional level.

Decide if this is the way you want to go and get this far, having a remote
user dial in and get assigned the same IP every trip, by either request or
DHCP assignment. The reason I use assignment is because I have never
explored a specific error condition:

What happens if the remote office is down and someone else gets assigned the
'request IP' via DHCP? Can such a 'request IP' be excluded from both local
and RRAS pools in order to always be available for the remote office/device?
(I believe so, just never explored it)

Get this far and we can then tell ISA how to route the remote subnet. I'll
meanwhile look at a system where I have done so, jog m' own memory.

"John" <John@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:uMwjt2EOIHA.748@xxxxxxxxxxxxxxxxxxxxxxx
In ISA/SBS 2000 you must either cause the remote router to request a
specific IP or make a change to the functional level of AD to allow the
remote router to be assigned a specific IP based on user name. You then
tell ISA to route traffic for the remote subnet via the RRAS IP.

Thanks. Is there any help available on how to do these anywhere?

Thanks again

Regards





.

Relevant Pages

  • Connecting to C: Root Remotely
    ... is setup on the remote machine and the remote machine's Administrator's ... account, but either work. ... administrator as the user name but that desn't work either. ... turned off and in the Local security policy> Users Right assignment> ...
    (microsoft.public.windowsxp.general)
  • Connecting to C: Root Throught the Network
    ... is setup on the remote machine and the remote machine's Administrator's ... account, but either work. ... administrator as the user name but that desn't work either. ... turned off and in the Local security policy> Users Right assignment> ...
    (microsoft.public.windowsxp.network_web)
  • Re: WaitForSingleObject() will not deadlock
    ... the line commented out, and assuming there is no other gratuitous assignment to x, then it ... A memory address is a memory address. ... that is awakened by that signal or broadcast. ... even if it occurs before it awakens. ...
    (microsoft.public.vc.mfc)
  • [SECURITY] [DSA 379-1] New sane-backends packages fix several vulnerabilities
    ... Problem-Type: remote ... package libsane) that can be remotely exploited. ... leaves the limits of the allocated memory. ... Alpha architecture: ...
    (Bugtraq)
  • [Full-Disclosure] [SECURITY] [DSA 379-1] New sane-backends packages fix several vulnerabilities
    ... Problem-Type: remote ... package libsane) that can be remotely exploited. ... leaves the limits of the allocated memory. ... Alpha architecture: ...
    (Full-Disclosure)