Does anyone know of a good tutorial on setting up VPN for client access in ISA 2006? I have everything working but some areas of the configuration are confusing.
For example:
In ISA, under the VPN properties there is an option to select DHCP or create a static mapping. Isn't this usually controlled by a Routing and Remote Access policy? Which one takes precedence?
In ISA, under the VPN properties there is an option to select the RADIUS server. However, this option is also in the Routing and Remote Access policy. Why does it need to go in both places?
I'm used to the ISA 2000 VPN configuration where Routing and Remote Access is more dominant. This duplication of settings is throwing me off.
Posts: 115
Joined: 16.Jul.2009
From: Bangalore, India
Status: offline
Remember one thing: you are not supposed to directly edit any setting in the RRAS console while using ISA. All the configuration has to be done in the ISA console, and it will be reflected in RRAS. Basically, ISA controls every bit of RRAS.
Regarding the address assignment: if you have a DHCP server on the network, you could use it to assign IP addresses; otherwise, specify a static pool in the ISA console, not in RRAS. The same is true for RADIUS: if you have a working RADIUS server, specify it in ISA.
Ok, looks like I need to go back and remove the policy in RRAS that I manually created. Then go to ISA and specify the settings and hope it creates the corresponding RRAS policy.
Do I still need to manually create the firewall rule for the VPN clients that allows them to communicate with internal resources once they are connected?
Instead of removing it, disable RRAS and reboot the ISA box. At startup, ISA will configure RAS. After the reboot, verify the VPN settings and make changes in the ISA console only, if you need to do so.
Yes, the access rules have to be configured to allow communication between the VPN Clients network and the Internal network.
I had the same questions and I have followed this thread, but my VPN clients still get stuck on verifying username and password.
I notice you mentioned disabling RRAS. Do you mean go into Services on the ISA box and literally stop and disable the RRAS service? Doesn't ISA use it?