IPSec VPN client document still the way to go with ISA 2006?

IPSec VPN client document still the way to go with ISA ... - 23.Mar.2007 5:12:11 AM   
lowie

 

Posts: 2
Joined: 7.Dec.2006
Status: offline
Hi,
 
I saw the reference to MS KB 812076, "How to enable a Cisco IPSec VPN client to connect to a Cisco VPN"
http://support.microsoft.com/?id=812076
 
Is the KB still the best way to go if you have an ISA 2006 with a Cisco ASA 5020, or are there better ways to allow VPN clients (IPsec) to our company network?
 
I also configured my ISA 2006 server as an edge firewall, but the Cisco ASA is our first line of defence; behind the ASA is a screened network (DMZ) where the ISA server is the second line of defence for our company network.
 
Is it better to configure the ISA server as a back firewall or not and why should I do this or not?
 
Thanx,
Louis
Post #: 1
RE: IPSec VPN client document still the way to go with ... - 23.Mar.2007 6:25:23 AM   
matheesha

 

Posts: 23
Joined: 11.Mar.2007
Status: offline
That KB has been written for organisations that use ISA as their firewall (possibly the only firewall) and for individuals that are connecting from inside the ISA to an outside 3rd party org's Cisco VPN concentrator.

I'll give you a real world example. I have an ISA server implementation at home and our customer has a complex Cisco based VPN solution. I connect to this network from home and so I have an access rule that allows IKE-Client (UDP 500 Send Receive) and IPSec NAT-T Client (UDP 4500 Send Receive) explicitly from my laptop (the laptop's IP is reserved in DHCP at home) to connect to the customer's VPN concentrator. I didn't need UDP 10000 in the access rule but YMMV. You'll see if this protocol is necessary in the ISA server logs and any network traces you do from the Cisco VPN client.

I have no knowledge of Cisco products but I am sure it's been purchased to satisfy some requirements at your org. Therefore I assume you may have a policy of "if it ain't broke don't fix it". I.e. keep what you already have and supplement with anything else such as ISA.

ISA is enterprise level technology and more than capable of securing your org. MS use it exclusively (Tom Shinder recently blogged this fact). Without knowing your exact reasons for purchasing ISA, it will be hard to make recommendations. But you can certainly run it as a Back firewall (front being Cisco).

(in reply to lowie)
Post #: 2
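
The log check suggested in the reply above, as an added example that is not part of either post: it counts allowed and denied attempts per VPN port for one client/concentrator pair, so the access rule carries only the protocols the client actually uses. The CSV layout, IP addresses and log lines are constructed for illustration and are not ISA's native log format.

```python
import csv
import io
from collections import Counter

# Ports named in the reply; labels are the protocol names the poster used.
VPN_PORTS = {
    ("UDP", 500): "IKE Client",
    ("UDP", 4500): "IPSec NAT-T Client",
    ("UDP", 10000): "UDP 10000",
}

# Constructed sample log (simplified CSV, not ISA's native log format).
SAMPLE_LOG = """time,src_ip,dst_ip,transport,dst_port,action
2007-03-23T06:00:01,10.0.0.25,203.0.113.10,UDP,500,Allowed
2007-03-23T06:00:02,10.0.0.25,203.0.113.10,UDP,4500,Allowed
2007-03-23T06:00:03,10.0.0.25,203.0.113.10,UDP,4500,Allowed
2007-03-23T06:00:09,10.0.0.31,203.0.113.10,UDP,500,Denied
2007-03-23T06:00:12,10.0.0.25,198.51.100.7,UDP,10000,Denied
"""


def vpn_port_usage(log_text, client_ip, concentrator_ip):
    """Count allowed/denied attempts per VPN port for one client/concentrator pair."""
    usage = {key: Counter() for key in VPN_PORTS}
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["src_ip"] != client_ip or row["dst_ip"] != concentrator_ip:
            continue  # other hosts or destinations are outside this rule's scope
        key = (row["transport"].upper(), int(row["dst_port"]))
        if key in usage:
            usage[key][row["action"].lower()] += 1
    return usage


def classify(usage):
    """Label each port: 'in use', 'blocked' (attempted, only denied) or 'unused'."""
    result = {}
    for key, counts in usage.items():
        if counts["allowed"]:
            result[VPN_PORTS[key]] = "in use"
        elif counts["denied"]:
            result[VPN_PORTS[key]] = "blocked"
        else:
            result[VPN_PORTS[key]] = "unused"
    return result


if __name__ == "__main__":
    usage = vpn_port_usage(SAMPLE_LOG, "10.0.0.25", "203.0.113.10")
    for name, state in classify(usage).items():
        print(f"{name}: {state}")
```

A port reported as "blocked" is one the client tried toward the concentrator and the firewall denied, which is the case where the rule needs that protocol added; "unused" ports can stay out of the rule.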
