
The Lazy Admin

Using ISA 2004 as a PPTP VPN Server Pt.1 - Server Config


Setting up a PPTP VPN server on ISA 2004 is easy, requires no Client Access Licences (CALs), and is secure. Instead of letting traffic through your firewall to the VPN server and then authenticating, ISA 2004 lets no traffic through until the user has authenticated. ISA 2004 also supports Remote Access Quarantine, which increases security even more.

ISA 2004 includes a VPN server that supports PPTP and L2TP/IPSec VPN connections. It is compatible with most VPN clients including, of course, the built-in Microsoft VPN client. It is not enabled by default, but it is simple enough to get going.

Note: All the configuration is done through the ISA Management MMC. Do not configure anything via the RRAS MMC, as these settings will get overwritten!

To begin, open up the ISA 2004 Management MMC and drill down to the VPN node. In the task pane on the right, click Configure VPN Access.

Under the General tab, check the box next to Enable VPN Client Access and enter the number of concurrent VPN sessions you wish to host. ISA 2004 Standard can support up to 1000 VPN sessions.

Next, click the Groups tab. Here you can enter the Domain groups that you wish to have VPN access. You will still need to Allow Remote Access in the user's AD properties, but we will get to that later.

Under the Protocols tab, select which VPN protocol you wish to use. PPTP is supported natively in Windows XP, but there is a Microsoft L2TP VPN client you can download as well.

Next, select the User Mapping tab. User Mapping should be used when the ISA 2004 server is a domain member and you are using RADIUS authentication for users from other domains. Enable User Mapping, check the box next to When username does not contain a domain name, use this domain and enter the domain name in the dialog box.

Now it is time to set up the Access Networks. Right-click on the Virtual Private Networks (VPN) node and select Properties. Under the Access Networks tab, check the box next to External.

Under the Address Assignment tab you can select whether to use the DHCP server on the LAN or a static pool of IP addresses.

Click on the Advanced button to specify the internal DNS and WINS server IPs if you are not pushing this information via DHCP.

Under the Authentication tab, MS-CHAPv2 will be selected by default. Here you can define a pre-shared key for L2TP, or enable EAP for Certificate based authentication.

Lastly, under the RADIUS tab, you can enable RADIUS authentication as well as add RADIUS servers to the list.

Next we will configure the VPN Access rules, enable Dial-in access for users, and test it to make sure it works!!

For more information see:

Download Details: Remote Access Quarantine Tool for Internet Security and Acceleration (ISA) Server 2004





Published Friday, January 27, 2006 5:39 AM by rodney.buike
All postings are provided "AS IS" with no warranties, and confer no rights.
Microsoft product screen shot(s) reprinted with permission from Microsoft Corporation.