
Configuring VPN Gateways with ISA Server

Configuring VPN Gateways with ISA Server. Thomas W Shinder MD TACTEAM ISAServer.org. About Your Presenter. Thomas W Shinder, M.D Principle Perpetrator – www.isaserver.org Editor Sunbelt Software – WinXPNews www.winxpnews.com Editor Brainbuzz.com Network Admin Weekly


Presentation Transcript


  1. Configuring VPN Gateways with ISA Server Thomas W Shinder MD TACTEAM ISAServer.org

  2. About Your Presenter • Thomas W Shinder, M.D • Principle Perpetrator – www.isaserver.org • Editor Sunbelt Software – WinXPNews • www.winxpnews.com • Editor Brainbuzz.com Network Admin Weekly • Author – Configuring ISA Server 2000: Building Firewalls with Windows 2000 • A bunch of Windows 2000 books

  3. On Tap for Today • What’s a Virtual Private Network? • Preparing the Network for VPN • VPN Servers • VPN Gateways • ISA Server’s Local and Remote VPN Wizards • Conclusions

  4. What’s a VPN • Extends the Private Network to RAS clients • Uses the Internet as the network medium • Creates a “virtual” connection to the private network • VPN clients are nodes on the private network • Supplements and replaces expensive direct dial-up hardware and telco lines

  5. Preparing the Internal Network for Virtual Private Networking • Name Servers • DNS • WINS • IP Addressing • DHCP • Static Address Pool • Network ID assignments • VPN authentication and accounting • Routing Protocols • Network “Browsing” • Web Proxy and Firewall client support

  6. VPN Server • Accepts calls from VPN clients • Allows VPN clients to access resources either on the VPN server only or on the internal network • Can be configured using the ISA Server VPN Client connections Wizard • A VPN Server is not a VPN Gateway

  7. VPN Gateways • VPN Gateways allow you to connect two networks through a VPN link • A VPN gateway is also known as a “VPN Router” • The VPN Gateway uses a virtual interface to connect to VPN gateways • Packets are routed between gateways using static routing table entries that are configured to use the virtual interface to route packets to the remote gateway • A VPN Gateway cannot connect to a VPN server and route packets between networks

  8. VPN Gateways

  9. ISA Server’s Local and Remote VPN Wizards • ISA Server Wizards make VPN Gateway Creation a “virtual” no-brainer! • Two Gateway Wizards • Local VPN Wizard • Remote VPN Wizard • Local VPN Wizard run at “main office” • Remote VPN Wizard run at “branch offices” • You can run the Local VPN Wizard multiple times to allow multiple remote offices access to the main office • You probably will need to do some minor “tweaking” of the VPN configuration after the Wizards have done the heavy lifting

  10. The Local VPN Wizard

  11. The Local VPN Wizard

  12. The Local VPN Wizard

  13. The Local VPN Wizard

  14. The Local VPN Wizard

  15. The Local VPN Wizard

  16. The Local VPN Wizard

  17. The Local VPN Wizard

  18. The Local VPN Wizard

  19. The Local VPN Wizard

      ISA Server Virtual Private Network (VPN) connection identification:
          dallas_abilene will be created on this router.
          abilene_dallas will be written to file.
      VPN protocol type:
          Use L2TP over IPSec, if available. Otherwise, use PPTP.
      Remote Network IP addresses range:
          10.1.1.0 - 10.1.1.255.
          10.255.255.255 - 10.255.255.255.
      Remote ISA computer configuration:
          IP address of this machine: 172.16.0.1.
          Local Network IP addresses range:
              10.0.0.0 - 10.0.0.255.
              10.255.255.255 - 10.255.255.255.
      The configuration file created for the remote ISA Server computer:
          a:\hqsf.vpc
      Dial-in credentials created:
          The user account dallas_abilene was created on this computer, with the password set to never expire.
      Note:
          A strong password was generated for the user account. Changes made to the password will need to be applied to the dial-on-demand credentials of the remote computer.

  20. The Local VPN Wizard

  21. The Local VPN Wizard

  22. The Local VPN Wizard

  23. The Local VPN Wizard

  24. The Remote VPN Wizard

  25. The Remote VPN Wizard

  26. The Remote VPN Wizard

  27. The Remote VPN Wizard

  28. The Remote VPN Wizard

  29. The Remote VPN Wizard

      Configuration read from file:
      ISA Server Virtual Private Network (VPN) connection identification:
          abilene_dallas will be created on this router.
      Destination address of the remote ISA Server computer:
          172.16.0.1
      Dial-out credentials used to connect to remote computer running ISA Server:
          User account: dallas_abilene.
          Domain name: VPN1.
      VPN protocol type:
          Use L2TP over IPSec, if available. Otherwise, use PPTP.
      Remote network accessible subnets:
          IP: 10.0.0.0, Mask: 255.255.255.0, Metric: 1
          IP: 10.255.255.255, Mask: 255.255.255.255, Metric: 1

  30. Remote VPN Wizard Cleanup • Configure the static address pool • Confirm the router account has been created • Confirm that the static routes have been created • It’s ready!

  31. ISA Server VPN Gateways: Conclusions • ISA Server makes creating VPN gateways a no-brainer • ISA Server Wizards will not prepare the network for you • The VPN configuration will need to be tweaked in the RRAS console • Carefully consider your IP addressing scheme and routing infrastructure before implementing the VPN gateways • You can run both a VPN Server and a VPN gateway on the same machine • VPN gateways have no adverse effect on outbound access through the ISA Server • Consider using L2TP/IPSec to improve the stability of your link • Configure only one side to dial up! Remove credentials from the “passive side” to prevent race conditions

  32. Get on the ISA Server Cutting Edge

  33. For More Information • ISAServer.org Web site • www.isaserver.org • Microsoft ISA Server Web site • www.microsoft.com/isaserver • Microsoft VPN Clearinghouse • www.microsoft.com/vpn

  34. Questions? Click on the Ask a Question link in the lower left corner of your screen to ask Tom Shinder a question.

  35. Thank you for your participation! Did you like this Webcast? Send us your feedback on this event and ideas for other event topics at editor@searchwin2000.com.
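
The cleanup checks on slide 30 (router account, static routes) can be run against the two wizard summaries from slides 19 and 29 before opening the RRAS console. The Python below is an added example, not part of the original presentation; the dictionary layout and function names are assumptions, and the values are transcribed from those two slides.

```python
import ipaddress

# Values transcribed from the wizard summaries on slides 19 and 29.
LOCAL = {   # main office, Local VPN Wizard
    "interface": "dallas_abilene",
    "dial_in_user": "dallas_abilene",
    "address": "172.16.0.1",
    "local_ranges": [("10.0.0.0", "10.0.0.255"),
                     ("10.255.255.255", "10.255.255.255")],
    "protocol": "Use L2TP over IPSec, if available. Otherwise, use PPTP.",
}
REMOTE = {  # branch office, Remote VPN Wizard
    "interface": "abilene_dallas",
    "dial_out_user": "dallas_abilene",
    "destination": "172.16.0.1",
    "routes": [("10.0.0.0", "255.255.255.0"),
               ("10.255.255.255", "255.255.255.255")],
}


def ranges_to_networks(ranges):
    """Collapse first-last address ranges into a set of CIDR networks."""
    nets = set()
    for first, last in ranges:
        nets.update(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return nets


def check_pair(local, remote):
    """Return a list of findings; only review items remain when both sides agree."""
    findings = []
    # RRAS treats a caller as a router only when its user name equals the
    # name of a demand-dial interface on the answering side.
    if remote["dial_out_user"] != local["interface"]:
        findings.append("dial-out user does not match answering interface name")
    if remote["dial_out_user"] != local["dial_in_user"]:
        findings.append("dial-out user has no matching dial-in account")
    if remote["destination"] != local["address"]:
        findings.append("remote side dials an address the local side does not own")
    # Every range the main office declared local needs a static route remotely.
    routed = {ipaddress.ip_network(f"{ip}/{mask}") for ip, mask in remote["routes"]}
    for net in sorted(ranges_to_networks(local["local_ranges"]) - routed):
        findings.append(f"no static route on remote side for {net}")
    # Slide 31 recommends L2TP/IPSec; report when the setting allows PPTP.
    if "PPTP" in local["protocol"]:
        findings.append("protocol setting permits fallback to PPTP")
    return findings


if __name__ == "__main__":
    for finding in check_pair(LOCAL, REMOTE):
        print("REVIEW:", finding)
```
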
