Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Max VPN users on Internal

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> VPN >> Max VPN users on Internal Page: [1]
Login
Message << Older Topic   Newer Topic >>
Max VPN users on Internal - 27.Jun.2008 3:09:59 AM   
IQ TECHNOLOGY

 

Posts: 22
Joined: 27.Jun.2008
Status: offline 		Hi all ISA genius
I need some one give me an idea on the max no. of users can connected to the internal network
There is no NAT or WEB or FIREWALL clients on the internal network , only VPN Clients  
And what is the pressure on the ISA Server
 
Regards
 

< Message edited by IQ TECHNOLOGY -- 27.Jun.2008 3:11:19 AM >

_____________________________

IQ TECHNOLOGY
Post #: 1
RE: Max VPN users on Internal - 27.Jun.2008 9:10:42 AM   
paulo.oliveira

 

Posts: 792
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline 		Hi,

you can view the number os simultaneous connection by going to Virtual Private Network (VPN) - VPN clients tab and click Enable VPN Client Access.

Regards,
Paulo Oliveira.

(in reply to IQ TECHNOLOGY)
Post #: 2
RE: Max VPN users on Internal - 28.Jun.2008 3:20:47 AM   
IQ TECHNOLOGY

 

Posts: 22
Joined: 27.Jun.2008
Status: offline 		Thanks Paoulo for your replay

Im asking for ISA VPN user limet

im planning for new ISA server installation  for new company and i need to know tne max users no. can connected to the server at the same time .... it means
20 user max  ?
or 100 user max ?
or 1000 user max ?

it important to know the max limet , becouse if it not enough for the feuture i have to find another sollution 

Regards

_____________________________

IQ TECHNOLOGY

(in reply to paulo.oliveira)
Post #: 3
RE: Max VPN users on Internal - 28.Jun.2008 3:13:57 PM   
elmajdal

 

Posts: 5061
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:



Q.How many concurrent connections are supported by ISA Server VPN?

A.For ISA Server 2004 Standard Edition, the number of concurrent VPN remote access connections is limited to 1,000. This limitation exists even if you install the product on a Windows operating system that supports more than 1,000 concurrent VPN connections.



Source : http://www.microsoft.com/technet/isa/2004/plan/faq-vpn.mspx

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to IQ TECHNOLOGY)
Post #: 4
RE: Max VPN users on Internal - 29.Jun.2008 2:55:06 AM   
IQ TECHNOLOGY

 

Posts: 22
Joined: 27.Jun.2008
Status: offline 		Tarek thanks for your replay
 

You have a lot of experiences in ISA server and also you have a nice and useful site

About my question , I reed this limit of 1000 user in one of tom shnider  books  , I'm going to do this on the Internal network … are this the same  situation ??

Do you think its good idea to connect all user to ISA server by the VPN Clients instead of NAT and WEB and FIREWALL Clients ???

Because it easy to make VPN connection and joining the domain not required and very secure and very good control on user by user name and password which I failed to do it with firewall clients 

Regards  

< Message edited by IQ TECHNOLOGY -- 29.Jun.2008 3:19:08 AM >

_____________________________

IQ TECHNOLOGY

(in reply to elmajdal)
Post #: 5
RE: Max VPN users on Internal - 29.Jun.2008 4:19:24 AM   
elmajdal

 

Posts: 5061
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline 		Hi,

Thanks for your feedback

Regarding your case, who are these clients ?  are they your corporate users ? or you distribute Internet to your neighboors and want to use ISA so that users dial into it and start using internet ?

< Message edited by elmajdal -- 29.Jun.2008 4:21:05 AM >

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to IQ TECHNOLOGY)
Post #: 6
RE: Max VPN users on Internal - 29.Jun.2008 5:35:54 AM   
IQ TECHNOLOGY

 

Posts: 22
Joined: 27.Jun.2008
Status: offline 		Hi Tarek

These users are my clients in my internet café , and they are around 100 user and there is files server on the same network
I try this configuration and its seems good in testing , but I cannot make it on the real world without be sure it will work fine
And I do that because I could not control the firewall clients on my network
 
Thanks and waiting your replay  

_____________________________

IQ TECHNOLOGY

(in reply to elmajdal)
Post #: 7
RE: Max VPN users on Internal - 29.Jun.2008 5:44:34 AM   
elmajdal

 

Posts: 5061
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline 		Having a 100 users is a good reason to have a domain controller to control all these users/machines from a single point.  And if you have a domain, and your clients  machines joined to the same domain as ISA Server is joined to, then you can easily install the firewall client via group policy and you can set the firewall client to autoconfigure your proxy settings. check this article  : http://www.isaserver.org/tutorials/Configuring-WPAD-Support-ISA-Firewall-Web-Proxy-Firewall-Clients.html

quote:

And I do that because I could not control the firewall clients on my network

You Install the firewall client on a workroup machines, if you want to use the firewall client on a workgroup machines, then you will need to mirror the accounts on the client machine with ISA Server machines.

that is, if you have a client machine with the follow credentials

user : elmajdal
pass: elmajdal222

then on isa server machine you will need to create a local account with the following credentials


user : elmajdal
pass: elmajdal222


hope its clear now.

Thanks,
Tarek

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to IQ TECHNOLOGY)
Post #: 8
RE: Max VPN users on Internal - 29.Jun.2008 6:03:52 AM   
IQ TECHNOLOGY

 

Posts: 22
Joined: 27.Jun.2008
Status: offline 		Tarek   
I have the Domain controller  and AD and Files server on a single machine
and the ISA on another machine  …..
Are you mean that when a user login to its local machine , and this machine must be locked by a username and a password  at windows starting  , and I must have the same username  and password  in my AD to that user  ??
And if that is true , when I disable or remove that  user from my AD , it will not be able login to my network again ?

_____________________________

IQ TECHNOLOGY

(in reply to elmajdal)
Post #: 9
RE: Max VPN users on Internal - 29.Jun.2008 6:33:54 AM   
elmajdal

 

Posts: 5061
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline 		mmm so you already have an AD, are the clients joined to the domain ? if yes and the users are logging into the machines users domain credentials , then no need to mirror the accounts.

I was telling you that you will need to mirror the account if you don't have AD and your ISA Server & Clients are all in a workgroup. Now all what you have to do is to creat username and password usign AD, and then users will be able to logon to machines using domain credentials.

Now that you have Active Directory and i assume ISA & client are joined to the same domain, then you are much better now than i thought. more info here : Debunking the Myth that the ISA Firewall Should Not be a Domain Member

quote:

I have the Domain controller  and AD and Files server on a single machine
and the ISA on another machine  …..


Thats great.


quote:

when I disable or remove that  user from my AD , it will not be able login to my network again ?


Sure.


_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to IQ TECHNOLOGY)
Post #: 10
RE: Max VPN users on Internal - 29.Jun.2008 11:03:07 AM   
IQ TECHNOLOGY

 

Posts: 22
Joined: 27.Jun.2008
Status: offline 		Thank you tarek
 
I think I’m get the idea now , and I can now test some setting and see what I can get
One thing and I will get the hole picture
I have AD on a DC machine and ISA on another , and ISA and client are joined to the domain
 
Please give me the steps with  some details for adding new firewall clients user
Like :
1-      Install the firewall software
2-      Make new user in the AD
Ets ……..
But please in the right sequence
That all what I need for now
And again thanks a lot for your powerful  assistance    

_____________________________

IQ TECHNOLOGY

(in reply to elmajdal)
Post #: 11
RE: Max VPN users on Internal - 29.Jun.2008 9:10:46 PM   
elmajdal

 

Posts: 5061
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline 		Lets start with the ISA part.

How to automatically deploy the Microsoft Firewall client

Configuring WPAD Support for ISA Firewall Web Proxy and Firewall Clients

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to IQ TECHNOLOGY)
Post #: 12
RE: Max VPN users on Internal - 30.Jun.2008 1:17:50 AM   
IQ TECHNOLOGY

 

Posts: 22
Joined: 27.Jun.2008
Status: offline 		Thank you tarek
Believe me all these article I reed it before also Tom Schneider books and Trainsignal CDs and MicroSoft ISA setup CDs , and I’m succeed in make real ISA network
The only thing that I’m not sure about it is ,
when I give a user name and password for a client and he install the software and make the right configuration , where or how he should  use that password to login to the network ????? 
where should he put it ?????????   defiantly  it should on some where on its PC     
this point nobody absolutely explain it directly      
Thanks    

_____________________________

IQ TECHNOLOGY

(in reply to elmajdal)
Post #: 13
RE: Max VPN users on Internal - 30.Jun.2008 5:44:21 AM   
elmajdal

 

Posts: 5061
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline 		The username and password are the one created in the domain controller and used to Logon to the Client machine.

You said you have a domain controller. isa server and client are joined to it right ?

how are you logging to these machines ? using local credentials or are you creating the required credentials to LOGON to the machine using Active Directory Users & Computers on the Domain Controller
 
This will tell you how to join a machine to the domain : Join the Computer to the Domain

and this article will tell you how to create a new user in AD  : Create a User Account in Active Directory Users and Computers



as mentioned before, these credentials are the one used to logon to the client machine.

if you set the client as web proxy client, and set the proxy setting to point to ISA Server, then a pop up message will request from you to enter your credentials.

and on ISA Server, instead of using ALL Users ( anonymous connection ) you can replace it with user/groups from AD.

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to IQ TECHNOLOGY)
Post #: 14

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> VPN >> Max VPN users on Internal Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts