Best practice for Remote Access PPTP VPN server

Best practice for Remote Access PPTP VPN server - 12.Dec.2006 4:36:28 PM   
dhampshire

 

I have set up a new ISA 2006 server (Standard). The external interface has the primary IP assigned by the provider (static IP - 6MB line). I also have a /28 external netblock of addresses that I can use for various purposes (FTP, email, OWA, etc.). For the VPN client access, does it matter if I use the primary IP on the external adaptor, or should I use one of the additional secondary addresses?

Currently it is using the Primary IP and it all works fine, but if using one of the secondary addresses is preferred I want to change it now before I roll it out to everyone else.

Thanks.
Post #: 1
RE: Best practice for Remote Access PPTP VPN server - 13.Dec.2006 6:35:03 AM   
tinto

 

quote:

ORIGINAL: dhampshire
Currently it is using the Primary IP and it all works fine, but if using one of the secondary addresses is preferred I want to change it now before I roll it out to everyone else.


Hi,
I think that using a secondary IP instead of the primary one adds just an illusion of better security, because anyone can go to www.dnsstuff.com and see the range of IPs assigned to you, and in any case they are always easy to guess.

I would have liked to have the chance to reduce the vulnerability of the VPN server by adding an access rule which denies the PPTP Server protocol except for the remote IPs I trust. But it is not possible, because the rule allowing PPTP connections to the ISA server is a System Policy Rule, and this means it is 1) processed before any other manually added rule and 2) not editable.


Any suggestions are welcome, obviously.

P.S.: in the "ISA 2006 SP1 wish list" I put 'port knocking' for PPTP (and not only for PPTP).

< Message edited by tinto -- 13.Dec.2006 8:40:44 AM >


_____________________________

Tinto

(in reply to dhampshire)
Post #: 2
