If the remote network is connected to a non-Microsoft third-party VPN product, the IPSec Tunnel Mode option is the only protocol that can be supported. Fortunately, using IPSec Tunnel mode to set up a remote site network is relatively straightforward.
Setting Up an IPSec Tunnel Mode VPN Connection
As with L2TP over IPSec protocol methods, IPSec in tunnel mode can be set up to use either certificates based authentication or shared-key methods. The same security concepts apply for this scenario as well, and the pre-shared key is inherently less secure than a certificates-based approach. That said, certain third-party products may only support shared key, and ISA supports either implementation.
Configuring the Third-Party VPN Site
To use the IPsec tunnel mode to define a remote site, perform the following steps on the local ISA Server:
Configuring the Third-Party VPN Server
After ISA has been configured with the information of the remote site VPN server, that server then needs to be configured to recognize ISA as a VPN gateway as well. This process varies between the various ISA VPN products, so it is recommended to consult the documentation of the product in question on how to set up an IPSec tunnel back to the ISA Server.
As with PPTP and L2TP connections, network and firewall rules must be set up between the newly configured networks to make sure that traffic can properly flow between them.