Configuring ISA 2004 to Integrate with Third-Party VPN Tunnel Products


If the remote network is connected through a non-Microsoft, third-party VPN product, IPSec tunnel mode is the only protocol that can be supported. Fortunately, using IPSec tunnel mode to set up a remote site network is relatively straightforward.

Setting Up an IPSec Tunnel Mode VPN Connection

As with L2TP over IPSec, IPSec in tunnel mode can be set up to use either certificate-based authentication or a pre-shared key. The same security concepts apply in this scenario: a pre-shared key is inherently less secure than a certificate-based approach. That said, certain third-party products may support only a shared key, and ISA supports either implementation.

Configuring the Third-Party VPN Site

To use IPSec tunnel mode to define a remote site, perform the following steps on the local ISA Server:

1. Open the ISA Server Management console.

2. Select the Virtual Private Networks (VPN) node from the console tree.

3. Select the Remote Sites tab from the Details pane.

4. Select Add Remote Site Network from the Tasks pane.

5. Enter the name of the connection in the Network Name field; for example, enter Toronto and click Next.

6. Select IP Security protocol (IPSec) tunnel mode, as shown in Figure 10.11, and click Next to continue.

Figure 10.11. Creating an IPSec tunnel mode remote site for third-party VPN support.

7. Enter the remote IP address of the third-party VPN gateway and enter the local VPN gateway IP address. Click Next to continue.

8. On the IPSec Authentication page, specify whether to use certificates or a pre-shared key for authentication. In this example, a pre-shared key is entered. Click Next to continue.

9. Add the network ranges of the remote network. For example, use 10.10.20.0 as the starting address and 10.10.20.255 as the ending address.

10. Click Finish, Apply, and OK to save the changes.

Configuring the Third-Party VPN Server

After ISA has been configured with the information of the remote site VPN server, that server then needs to be configured to recognize ISA as a VPN gateway as well. This process varies among third-party VPN products, so consult the documentation of the product in question for how to set up an IPSec tunnel back to the ISA Server.

As with PPTP and L2TP connections, network and firewall rules must be set up between the newly configured networks to make sure that traffic can properly flow between them.
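Because the two gateways are configured separately, a common source of tunnel failures is a definition on one side that does not mirror the other. The following added example (not from the book, and not an ISA or vendor API) checks that two tunnel definitions mirror each other and converts the ISA-style start/end range into the CIDR form many third-party gateways expect; the dictionary keys, function names, and gateway addresses are assumptions made for illustration.

```python
import ipaddress

def range_to_cidrs(start, end):
    """Convert a start/end address range (as entered in ISA) to CIDR blocks."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(start), ipaddress.ip_address(end))
    return [str(n) for n in nets]

def _normalize(cidrs):
    """Collapse CIDR strings so equivalent address sets compare equal."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def check_tunnel_mirror(isa, peer):
    """Return a list of mismatches between the ISA and third-party definitions."""
    problems = []
    # Each side's remote gateway must be the other side's local gateway.
    if isa["remote_gateway"] != peer["local_gateway"]:
        problems.append("ISA remote gateway does not match peer local gateway")
    if isa["local_gateway"] != peer["remote_gateway"]:
        problems.append("ISA local gateway does not match peer remote gateway")
    # Both ends must use the same authentication method (certificate or PSK).
    if isa["auth"] != peer["auth"]:
        problems.append("authentication method differs between the two ends")
    # The ranges ISA lists as remote must equal the peer's protected subnets.
    isa_remote = []
    for start, end in isa["remote_ranges"]:
        isa_remote.extend(range_to_cidrs(start, end))
    if _normalize(isa_remote) != _normalize(peer["local_subnets"]):
        problems.append("remote network ranges differ: ISA %s vs peer %s"
                        % (_normalize(isa_remote), _normalize(peer["local_subnets"])))
    return problems

# Constructed sample values. The remote range and site name follow the steps
# above; the gateway addresses are documentation-range placeholders.
ISA_SIDE = {"name": "Toronto", "local_gateway": "203.0.113.10",
            "remote_gateway": "198.51.100.20", "auth": "psk",
            "remote_ranges": [("10.10.20.0", "10.10.20.255")]}
PEER_SIDE = {"local_gateway": "198.51.100.20", "remote_gateway": "203.0.113.10",
             "auth": "psk", "local_subnets": ["10.10.20.0/24"]}

if __name__ == "__main__":
    issues = check_tunnel_mirror(ISA_SIDE, PEER_SIDE)
    for line in issues or ["tunnel definitions mirror each other"]:
        print(line)
```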



    Microsoft Internet Security and Acceleration ISA Server 2004 Unleashed
    ISBN: 067232718X
    Year: 2005
    Pages: 216
    Authors: Michael Noel