Is it possible to publish a server with strong authentication?
My network is divided into 7 areas, and some areas can communicate with others by virtual firewall and some areas cannot communicate with others. Only 1 area can communicate with all the areas. I know it's complicated but it was built this way before my time...
My ISA server has a network card in areas 1 and 2. Area 2 is considered my "external" network and Area 1 is considered "internal" (Area 1 can communicate with all the areas by virtual firewall). I want to publish a terminal server in my "inside" network to my "external" network but I want to have strong authentication for those users (in "external" network) who will use the terminal server.
Server publishing rule does not have any authentication at all.
Right now, I use my virtual firewall to authenticate but I was hoping that I could do that with ISA 2006 Enterprise.
Well, let's see... you're not talking about application layer auth, it seems, but rather at a lower level. Sounds like a site-to-site VPN situation, or use IPSec. This is a bit out of my expertise so other people please chime in!
I was more looking at RADIUS for authentication... Like in a web server publishing rule, in the "listener". I was hoping that I could do the same with a server publishing rule... The users have already connected to the domain but the security team wants area 1 VERY secure. So that's why I have to put strong authentication for every communication to this area.
As for the VPN, I did check it out a bit but it seems too much for what I want. Some users will connect to the domain using a VPN from home to area 2 and they will have to connect to another VPN to go to area 1... Sounds weird but if that's what it takes to work, I'll look into it more...
As for IPSec, it's the same for me, it's a bit out of my expertise.
You can't compare to web publishing or proxy because in both those cases the authentication is being done at the application level (meaning in HTTP).
In order to do something similar with other application protocols, you need proxy-like intelligence comparable to what is done for HTTP. ISA doesn't have full proxies and authenticators for other protocols, so if you want those features you have to look to third-party filters (we've done some of those in the past).
But if your needs can be solved by a lower layer such as IPSec or a VPN link, it will surely be faster and cheaper (and also apply to all traffic over that link, instead of one protocol or the other).