
VPN Client Access and Remote Access Policy

VPN Client Access and Remote Access Policy - 25.Jan.2005 9:09:00 PM   
cfirtat

 

Hi All,

I'm migrating from ISA2000 to ISA2004, and I'm having problems specifying Remote Access Policies in RRAS.

The problem is that ISA creates the "ISA Server Default Policy" with the groups specified in "VPN Clients Properties" and gives this policy the highest priority among the RRAS policies. Even worse, if I try to modify the policy it's reset to the default whenever the server restarts.

My goal is to give more granular VPN access rights (certain groups with certain access hours), but with the default policy auto-reset "feature" I have to delete the default policy all the time...

Any suggestions? Thx!
Cornel
Post #: 1
RE: VPN Client Access and Remote Access Policy - 26.Jan.2005 12:12:00 AM   
fesnouf@hotmail.com

 

Hi,

As soon as you move to ISA 2004... forget that the RRAS service exists ;-)

Configure everything via ISA 2004 MMC.

To add your rules, rather than opening ports on RRAS itself, create firewall rules so you will be able to authorize protocols (TCP ports + verbs ...) rather than just TCP ports.

If you link the firewall rule to an AD group for example, then Mr A, member of Group B, can use HTTP/FTP to 192.168.1.1.

I hope this helps.

Regards

Frederic

(in reply to cfirtat)
Post #: 2
RE: VPN Client Access and Remote Access Policy - 26.Jan.2005 6:35:00 PM   
cfirtat

 

Thx Frederic for the reply. I agree that I have to switch my brain from "ISA2000 mode", as ISA2004 is sooo changed.

It would be nice to manage everything from within ISA, but here is an example of using RRAS: setting the idle-timeout. I don't see anywhere in ISA where you can specify this, and I *have* to use it on my network (users forget to disconnect from VPN all the time).

Anyways, for now I'll use a dummy empty group with the ISA console, and refine the RRAS properties with Remote Access Policies.

It seems to me a serious limitation, but I've been using ISA2004 for less than a week so I might be wrong...

C.

(in reply to cfirtat)
Post #: 3
