Chapter 9. Enabling Client Remote Access with ISA Server 2004 Virtual Private Networks (VPNs)
As high-speed Internet access and mobile computing become commonplace, many organizations are finding it increasingly important to provide remote connectivity services to employees. At the same time, the potential threats posed by unauthorized access using these techniques have increased. It is consequently critical to allow for the productivity increases that remote access can provide while also maintaining tight security over the mechanism used to provide those services.
Many organizations are turning to Virtual Private Networking (VPN) solutions to provide these types of capabilities to their remote and roaming users. VPNs allow for encrypted "tunnels" to be created into an organization's network, allowing for resources to be accessed in a secure fashion. ISA Server 2004 includes robust and capable VPN support, enabling organizations to leverage these capabilities in addition to the other capabilities provided by the software.
ISA Server 2004 implements industry-standard VPN protocols to provide secure access to essential data over a public Internet connection, eliminating the need for expensive point-to-point leased connections or modem pools while retaining all the security advantages that VPNs provide. In addition, deploying VPNs with ISA allows for the creation of granular rule-based access control through use of ISA's advanced firewall rule capabilities. Administrators control exactly which resources VPN users can access by creating a distinct VPN users network that can be referenced in firewall rules.
This chapter focuses on exploring the VPN capabilities of ISA Server 2004. Step-by-step guides are provided for deployment of ISA VPN Client networks using both Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP), and best practice design advice is presented. Automatic configuration of client VPN settings with the Connection Management Administration Kit (CMAK) is outlined as well. In addition, deploying VPNs with advanced techniques such as PKI certificates, RADIUS authentication, and VPN Quarantine is explored. Site-to-site VPNs for communication between branch offices are covered in a separate chapter, Chapter 10, "Extending ISA Server 2004 to Branch Offices with Site-to-Site VPNs."