• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

VPN Access and File logging

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> VPN >> VPN Access and File logging Page: [1]
Login
Message << Older Topic   Newer Topic >>
VPN Access and File logging - 21.Feb.2008 4:19:38 PM   
Kbalz

 

Posts: 22
Joined: 9.Jun.2006
Status: offline
This is a two part question. We have ISA Server 2006. Our topology is very simple:   Internet .. Hardware Firewall .. DMZ .. ISA Server .. Internal Domain / Network

Information:

We're running Windows Server 2003 R2 for our Domain Controller. In Active Directory we have a Security Group called "Remote Users" - The purpose of this group was to allow members to both be allowed to VPN, and Remote Desktop to workstations (if they have remote control enabled). We are not using RAS that is built into Windows Serverv 03.

So in order for me to give someone VPN access, I am supposed to add them to this security group, and in Active Directory, right click their name -> Properties -> Dial In, Allow Remote access (instead of using the RAS policy).

In ISA, under the console, ISAServer -> Virtual Private Networks.. I can click Enable VPN Client Access, this is where I see that Remote Users windows group has been added to the VPN Clients object. There is also a Firewall rule that allows VPN clients to get to the internal network.

Question 1:  The above all works fine. Today, I realized I have a VPN user, who's active directory properties are set to Allow, but he is NOT apart of the remote user's security group...  How is this possible? Is ISA really controlling who is allowed to VPN in at all? This user VPN's in just fine.

Question 2: Is there any way to track which server share files a VPN user is accessing? I can see which websites they go through when quering the logs.. but is there any way to see which Files are accessed?

Thanks
Post #: 1
RE: VPN Access and File logging - 21.Feb.2008 4:29:11 PM   
Kbalz

 

Posts: 22
Joined: 9.Jun.2006
Status: offline
I may have just answered question 1, there are 20 rules above the VPN rule in ISA, one of these rules must be letting that user VPN in even though he is not part of the Remote Users security group. I need to clean my rules up anyways.

I still could use advise on Question 2.

(in reply to Kbalz)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> VPN >> VPN Access and File logging Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts