Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
ISA SSL/TLS VPNs
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
ISA SSL/TLS VPNs - 22.Feb.2008 1:17:26 PM
|
|
|
StandardGreen
Posts: 2
Joined: 22.Feb.2008
Status: offline
|
four acronyms in a row and in the same breath... top that! :)
Anyway, here's my story. I'll try to keep it short.
A fellow told me that some ISPs (namely Verizon) don't allow PPTP traffic over their residential class connections (as it's related to IPSec... I don't see how that's important, but that's what he said anyway). As such, a VPN that requires the use of PPTP cannot be made. I have not had any user complaints about not being able to connect to the VPN for that reason, but the possibility apparently exists. (Bonus question: any thought about this?)
The solution that was offered to me was to implement an SSL VPN. Not an application or session based SSL VPN, but a true-blue network level VPN based on SSL/TLS. I read a bit about it here: http://www.sans.org/reading_room/whitepapers/vpns/1459.php
Sounds good, but does anyone here have any experience with setting up such a thing on ISA 2004? I was considering OpenVPN as an alternative.
Thanks for your time,
|
|
|
|
RE: ISA SSL/TLS VPNs - 23.Feb.2008 12:25:55 AM
|
|
|
ferrix
Posts: 363
Joined: 16.Mar.2005
Status: offline
|
That old story about VPN traffic breaking was true maybe 5 years ago way more than today. I can't speak about verizon personally though.
The Microsoft IAG can do all your SSL VPN needs. I have used openvpn myself in the past (works just fine), but never tried it in combination with ISA.
|
|
|
|
|
RE: ISA SSL/TLS VPNs - 23.Feb.2008 8:09:23 PM
|
|
|
StandardGreen
Posts: 2
Joined: 22.Feb.2008
Status: offline
|
Concerning PPTP being blocked, I kinda suspected that the infromation was faulty somehow. It seems that in this day and age of nearly ubiquitous VPN usage if any ISP blocked VPN protocols, they'd have a subscriber revolt of significant porportions.
Thanks for the tip about IAG. I'll look into it. I had alwaysa heard about IAG, but never knew what it could do since I don't touch web stuff much.
Back to the fun...
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
