In Part 1 of Using ISA 2004 as a PPTP VPN Server, we went over the server configuration to enable ISA 2004 to act as a VPN server. All that is left is to configure the access rules, and test the connection out!
To configure the access rules, open up the ISA 2004 Management MMC, right-click the Firewall Policy node and select New --> Access Rule. The New Access Rule Wizard will start. Begin by entering a name for the rule and clicking Next.
Select Allow for the Rule Option.
On the Protocols page, select All Outbound Protocols and click Next.
On the Access Rule Source page, add VPN Clients to the list and click Next to proceed.
On the Access Rule Destination page, add Internal to the List. Click Next to continue.
On the Users page, leave the default All Users and click Next. Review the summary and click Finish.
That takes care of the Access Rule on the ISA 2004 Server, which will allow inbound traffic from VPN users to your Internal network. Outbound VPN traffic is controlled via rules the same way as you would control internal clients; however, you must add the VPN clients user to the outbound rule. Now all that is left is to enable Dial-in access for the user account and test things out! Close the ISA 2004 Management MMC and open up the Active Directory Users and Computers MMC. Open up the property page for the user account and select Allow Access under the Dial-in tab. By default, all users are denied access, so you will have to change this for each user who requires VPN access.
We are now ready to test the connection. Open up the Network Connections applet on the XP client and create a new connection. Follow the wizard to create the VPN connection, specifying the external IP address of the ISA server as the destination address. Once complete, connect to the ISA VPN server. When you are connected, click the VPN connection icon in the tray and select Properties.
Under the Details tab you will see the server's IP address, the DHCP-assigned IP address for the client, as well as the authentication method (MS-CHAPv2) and the encryption level (MPPE 128).
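Because Dial-in access is granted per user account, it is worth reviewing periodically which accounts still have Allow Access set. The following PowerShell is an added example, not part of the original article: it assumes a domain-joined machine with PowerShell 3.0 or later and read access to the directory, and it relies on the Allow Access setting being stored in the msNPAllowDialin attribute of the user object.

```powershell
# Added example: list AD user accounts with "Allow Access" on the Dial-in tab.
# Assumption: the setting is stored as msNPAllowDialin=TRUE on the user object.
$filter = '(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))'
$searcher = [adsisearcher]$filter
$searcher.PageSize = 500   # page results so large domains are fully enumerated
$searcher.PropertiesToLoad.AddRange([string[]]@(
    'samaccountname', 'distinguishedname', 'useraccountcontrol', 'lastlogontimestamp'))

$report = foreach ($result in $searcher.FindAll()) {
    $p = $result.Properties

    # Bit 0x2 of userAccountControl marks a disabled account.
    $uac = [int]$p['useraccountcontrol'][0]

    # lastLogonTimestamp may be absent (never logged on, or older domain level).
    $lastLogon = $null
    if ($p.Contains('lastlogontimestamp')) {
        $lastLogon = [DateTime]::FromFileTimeUtc([int64]$p['lastlogontimestamp'][0])
    }

    [pscustomobject]@{
        Account      = [string]$p['samaccountname'][0]
        Disabled     = [bool]($uac -band 0x2)
        LastLogonUtc = $lastLogon
        DN           = [string]$p['distinguishedname'][0]
    }
}

# Disabled accounts that still carry dial-in permission sort to the top for cleanup.
$report | Sort-Object -Property @{ Expression = 'Disabled'; Descending = $true }, Account |
    Format-Table -AutoSize
```

Accounts that appear here but no longer need VPN access can be set back to Deny Access on the same Dial-in tab.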