We recently acquired a small consulting company (5 people now, but could grow) and we would like to make them into a branch office. Currently we have our own AD with 3 DCs (2 2008 servers and 1 2003 server) and Exchange 2007, file servers, SQL servers, etc. and an ISA 2006 EE server. All works great.
So I'd like to set up a branch office connection between our main office and this branch office. I wanted to use ISA 2006 but it won't run on Windows 2008 so I'm going to go with TMG on Windows 2008 (64 bit of course). Is it possible to do the branch office VPN between an ISA 2006 server and a TMG server? I'm assuming it is but just wanted to check, and see if there is anything I should be aware of.
Also, I'm debating whether to put a RODC at this branch office to handle their DNS, DHCP stuff. If I don't put a RODC I'm guessing I'd need to set up the branch office's DNS, DHCP to point to our local DNS, DHCP servers which seems like it might be a little bit slow.
Thanks for the information. Are there any how-to guides here (isaserver.org) that describe how to set up a VPN site-to-site between ISA and TMG? I've found ISA to ISA but haven't found any for ISA to TMG.
And thanks for the info about TMG SP1. I was actually going to have a separate machine be the RODC as I know that you originally couldn't install TMG on a RODC. But maybe now I'll just put both on the same machine. I know you aren't supposed to do that but it makes things simpler in terms of the number of machines that we have to deal with in the branch office.
From: Amazon, Brazil
The procedure does not differ much from ISA; you should have no problems setting it up.
About ISA/TMG co-location with a DC, it is not best practice; however, there are needs from customers to reduce cost and effort in branch offices. So, you can do it based on the policies I explained on my blog.