Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Site to Site VPN with ISA 2006 article discussion
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: Site to Site VPN with ISA 2006 article discussion - 18.Aug.2006 12:28:05 PM
|
|
|
EMademlis
Posts: 6
Joined: 1.Mar.2004
Status: offline
|
Hello Tom,
Very good article. It helped me clarify many options and make the right decisions.
I still have a question that other ISA firewall administrators might have as well.
It's about the VPN gateway Dial-in Account;
Does it have to be a "LOCAL" account or can it be a "DOMAIN" account?
I'm asking this because in my case the ISA boxes are AD domain member servers.
Thanks in advance for any information provided.
All the best.
EM.
|
|
|
|
|
RE: Site to Site VPN with ISA 2006 article discussion - 18.Aug.2006 2:50:35 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi E,
At the local ISA firewall, you can make the demand-dial interface account a domain account.
In a scenario where the branch office ISA firewall is a domain member, you can also make it a domain account, but you should also have a domain controller at the branch office to support this.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Site to Site VPN with ISA 2006 article discussion - 23.Jan.2008 2:35:37 PM
|
|
|
cpalmer
Posts: 1
Joined: 23.Jan.2008
Status: offline
|
Hello Tom!
First I would like to say THANK YOU for the vast amount of knowledge you are sharing with the rest of us! Although this is my first forum post, I have used your site as the one stop shop for anything "how-to" with ISA. Again, thanks!!
With regards to setting up the branch office connection between ISA 2006 EE servers. I am trying to do L2TP/IPSEC using local user accounts on both sides versus Domain accounts but one side is NLB array. What would yo put for the domain field in the User authentication for the VPN connection?
Chuck
|
|
|
|
RE: Site to Site VPN with ISA 2006 article discussion - 13.May2008 3:40:35 PM
|
|
|
jfrench
Posts: 3
Joined: 14.Aug.2007
Status: offline
|
When following the article I get to step 8: Remote Authentication page and I cannot enter the full domain name. The ISA 2006 server at the branch site is also a domain controller so I must use a domain account. The domain name box will only allow me to enter 15 characters. Is there a way around this?
|
|
|
|
|
RE: Site to Site VPN with ISA 2006 article discussion - 2.Sep.2008 8:49:54 PM
|
|
|
rogerp
Posts: 2
Joined: 2.Sep.2008
Status: offline
|
Hi,
Is split tunneling an issue in the site to site scenario?
ie. Should the branch office's default route go via the vpn, as a single remote client needs too?
If not (as seems to be often configured), why not please...
TIA
Roger
|
|
|
|
|
RE: Site to Site VPN with ISA 2006 article discussion - 4.Sep.2008 8:52:55 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi r Roger,
Split tunneling isn't really an issue like it is with a remote access VPN client configuration. Clients must access both the Internet and the main office through the ISA firewall at the branch office.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
RE: Site to Site VPN with ISA 2006 article discussion - 
Of course it's the NetBIOS name not the FQDN! Thanks for your help Tom. Without your articles and forum posts I would not have a working ISA config at all. 
