VPN Network Quarantine allows you to provide VPN clients with staged access into your network. When you enable quarantine mode, ISA Server places all VPN clients that authenticate successfully and match remote access policies into a special network called Quarantined VPN Clients. The VPN client then runs a Connection Manager (CM) script to verify that it meets the requirements that you, the administrator, specify. If all requirements are met, the script's result is verified and accepted, and the client is then allowed to join the VPN Clients network.
Be aware that using Quarantine on ISA Server out of the box is a time-consuming and highly technical process, because a lot of work remains to be done by the administrator. You must create the scripts, use the Connection Manager Administration Kit (CMAK) to create profiles, and then somehow distribute updated profiles to your clients.
Because the setup of this technology is rather involved and goes beyond the scope of this book, we are placing a white paper that details how to configure ISA Server 2004 with Quarantine at www.isamvp.org/APC.
We prefer using a solution created by ISA Server MVP Frederic Esnouf, and briefly describe how to install and configure his solution in the same white paper at www.isamvp.org/APC. You can also visit his Web site (www.esnouf.net/qss) for new releases and a lot of good information.
In addition, Windows Vista will provide this functionality when it is used with Vista Server. See http://www.microsoft.com/windowsserver2003/technologies/networking/nap for more information.
To create a test environment in which to learn how to use Network Quarantine in Windows Server 2003, read "Step-by-Step Guide for Setting Up Network Quarantine and Remote Access Provisioning in a Test Lab", which you can find by searching for "Quarantine Remote Access Provisioning Test Lab" on the http://www.microsoft.com/downloads site.