Chapter10.Extending ISA 2004 to Branch Offices with Site-to-Site VPNs

Chapter 10. Extending ISA 2004 to Branch Offices with Site-to-Site VPNs

IN THIS CHAPTER

• Understanding Branch-Office Deployment Scenarios with ISA Server 2004

• Preparing ISA Servers for Site-to-Site VPN Capabilities

• Configuring a Point-to-Point Tunneling Protocol (PPTP) Site-to-Site VPN Between Two Remote Offices

• Configuring a Layer 2 Tunneling Protocol (L2TP) Site-to-Site VPN Connection Between Two ISA Servers in Remote Sites

• Configuring ISA 2004 to Integrate with Third-Party VPN Tunnel Products

• Configuring Network and Firewall Rules Between ISA Site Networks

• Summary

• Best Practices

In addition to providing for rich Application-layer firewall capabilities and content caching acceleration abilities, ISA Server 2004 also sports robust Virtual Private Network (VPN) capabililities. ISA's VPN options allow for traffic between systems to be encrypted and sent across untrusted networks such as the Internet. This allows for rich VPN client support, such as what is illustrated in Chapter 9, "Enabling Client Remote Access with ISA Server 2004 Virtual Private Networks (VPNs)."

In addition to supporting standard VPN client functionality, ISA Server 2004 also allows for site-to-site VPNs to be created, enabling an organization to eschew expensive dedicated WAN links over cheaper Internet connections, without sacrificing any security in the process.

This chapter focuses on site-to-site VPN deployment scenarios that use ISA Server 2004. It includes step-by-step information on how to set up site-to-site VPNs with various protocols, such as the Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Tunneling Protocol (L2TP). In addition, using IPSec Tunnel Mode for integration of ISA Server 2004 with third-party VPN solutions is covered.