Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
Hi DTB,
What do you mean by "using SonicWall with ISA?"
To answer your other question, you can install ISA Server on Windows Server 2003, but it requires some steps documented on this site and also in KB article 331062.
Thanks for your reply. I found the ISA/2003 updates - do you have any experience w/them on 2003?
Re: Sonicwall (SW) - VPNs are a new area for us, so please excuse naive questions. There are several small remote offices where we want to place low end SWs (~TELE) to allow access to corporate net and direct/local internet access. At the corporate location, we're targeting ISA as the firewall and installation of a SW corp. side VPN (~pro series > sonicwall's firewall as backup to ISA). We're trying to figure out the best way to configure ISA and SW on the corporate side.
Does ISA allow the "pass through" of transactions to the Sonicwall? Are there pros/cons to "pass through" versus going directly from SW to SW?
Would appreciate any insight/additional things to think about that you can provide.
Hello Diane,
All reports are that ISA Server 2000 runs great on Windows Server 2003. I don't run it this way myself (yet).
Regarding your other question: It sounds like you want to create site-to-site VPNs between branch offices and a central office using hardware firewalls. You could use SonicWall, Cisco PIX, or even Windows server machines running ISA Server, although that may be a bit pricy. For site-to-site VPNs, I always recommend putting the same vendors' products on each end of the VPN. Getting different vendors' stuff to work together has been, so far, an exercise in frustration.
That said, what role do you want ISA Server to play in your scenario?
Hi Diane,
The best solution is to put ISA Server firewalls at each site. Each site needs to be protected, and configuring gateway to gateway VPN connections between ISA Server firewall/VPN servers is a no-brainer. I'm doing it in my sleep these days!
You will not be able to create the gateway to gateway VPN link to join the remote networks to the main office if you use SonicWall remotely and ISA centrally because they use a proprietary and insecure authentication kludge for the IPSec tunnel.
However, I have heard that there is active work going on to support this type of scenario, because everyone wants it.
Thank you Tom and Bill. I can see we've got more thinking to do. One remote site (@8 users) already has a Sonicwall (inherited) which is why we are thinking of putting in a Sonicwall box at the Corporate site to keep vendor consistency on VPN-VPN. The other sites are small 2 person offices. The targeted role of the ISA corporate box is firewall for the corporate site and caching. Agree there is overlap between the Sonicwall box and ISA. I guess our preference is ISA, however, we have the remote Sonicwall so, we're trying to figure out how to best work with it. Perhaps we need to reconsider ISA at the corporate end, but we like the flexibility. ISA at both ends would be nice, but as noted, too expensive in this case. I appreciate your thoughts and interest.
quote:Diane wrote: One remote site (@8 users) already has a Sonicwall (inherited) which is why we are thinking of putting in a Sonicwall box at the Corporate site to keep vendor consistency on VPN-VPN.
I think that is a very wise move. Trying to get different vendors to work together in VPN scenarios is more trouble than it's worth.
quote:Diane wrote: The other sites are small 2 person offices. The targeted role of the ISA corporate box is firewall for the corporate site and caching.
One idea is that you could buy a couple of low-end NAT firewalls that allow multiple PPTP pass-through and just have them log onto the corporate network over the VPN. Or, if the central site supports IPSec NAT-T (Windows 2003 does; don't know if SonicWall does), you could use IPSec encryption for better security.
quote:Diane wrote: Agree there is overlap between the Sonicwall box and ISA.
Not necessarily. You could use the SonicWall boxes as VPN endpoints and ISA Server for centralized, controlled, Internet access.
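The PPTP pass-through and IPSec NAT-T options mentioned in the last reply look quite different on the wire, which is what decides whether a NAT firewall in front of a small office can carry them. The following is an added example, not part of the original thread: a Python classifier that labels raw IPv4 packets by VPN transport, using the protocol numbers and ports from RFC 2637 (PPTP) and RFC 3948 (ESP in UDP). The function names and the sample packets are constructed for illustration.

```python
import struct

TCP, UDP, GRE, ESP = 6, 17, 47, 50  # IP protocol numbers

def classify_vpn_packet(pkt: bytes) -> str:
    """Label a raw IPv4 packet by the VPN transport it carries."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    proto, payload = pkt[9], pkt[(pkt[0] & 0x0F) * 4:]
    if proto == ESP:
        return "esp"              # native IPSec: no ports for a NAT to rewrite
    if len(payload) < 4:
        return "other"
    a, b = struct.unpack("!HH", payload[:4])
    if proto == GRE:
        # PPTP data uses enhanced GRE: version 1, protocol type 0x880B
        return "pptp-data" if (a & 0x7) == 1 and b == 0x880B else "gre-other"
    if proto == TCP and 1723 in (a, b):
        return "pptp-control"
    if proto == UDP and len(payload) >= 8:
        data = payload[8:]
        if 500 in (a, b):
            return "ike"
        if 4500 in (a, b):        # NAT-T: IKE and ESP share one UDP port
            if data == b"\xff":
                return "nat-t-keepalive"
            if data[:4] == b"\x00" * 4:
                return "nat-t-ike"   # non-ESP marker precedes IKE
            if len(data) >= 4:
                return "nat-t-esp"   # nonzero SPI means UDP-encapsulated ESP
    return "other"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (constructed sample, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 10]),
                       bytes([198, 51, 100, 1])) + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Constructed sample packets, one per transport discussed in the thread.
SAMPLES = {
    "pptp-control": ipv4(TCP, struct.pack("!HH", 49152, 1723) + bytes(16)),
    "pptp-data": ipv4(GRE, struct.pack("!HHHH", 0x3001, 0x880B, 4, 1) + bytes(8)),
    "esp": ipv4(ESP, struct.pack("!II", 0x1000, 1) + bytes(16)),
    "ike": ipv4(UDP, udp(500, 500, bytes(28))),
    "nat-t-ike": ipv4(UDP, udp(4500, 4500, bytes(4) + bytes(28))),
    "nat-t-esp": ipv4(UDP, udp(4500, 4500, struct.pack("!II", 0x1000, 1) + bytes(16))),
    "nat-t-keepalive": ipv4(UDP, udp(4500, 4500, b"\xff")),
}
```

PPTP needs both TCP 1723 and GRE (protocol 47) through the NAT device, while NAT-T keeps everything inside UDP 500 and 4500, so ordinary port translation can carry it.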