Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed

A point-to-point tunneling protocol VPN connection is the most straightforward to set up and configure, and doesn't require an existing public key infrastructure (PKI) to be put into place, or some of the complex configuration options of the IPSec Tunnel Mode. On the flip side, PPTP VPN connections are the least secure of the three options.

The following section details the steps involved in setting up a site-to-site VPN connection via PPTP. If selecting to use L2TP or IPSec Tunnel Mode, skip this section and proceed directly to the subsequent sections, "Configuring a Layer 2 Tunneling Protocol (L2TP) Site-to-Site VPN Connection Between Two ISA Servers in Remote Sites" or "Configuring ISA 2004 to Integrate with Third-Party VPN Tunnel Products."

Configuring the PPTP Remote Site Network Definition on the ISA Servers

The first step in setting up a PPTP site-to-site VPN Connection is to configure the remote site network definition. To do this, perform the following steps:

1.

Open the ISA Server Management console.

2.

Select the Virtual Private Networks (VPN) node from the console tree.

3.

Select the Remote Sites tab from the Details pane.

4.

Select Add Remote Site Network from the Tasks pane.

5.

Enter the name of the connection in the Network Name field; for example, enter Toronto and click Next.

6.

Select Point-to-Point Tunneling Protocol (PPTP), as shown in Figure 10.8, then click Next.

Figure 10.8. Using the PPTP protocol to define a remote site network.

7.

Click OK when prompted about needing to create a remote user account.

8.

Enter the IP address of the remote ISA server (for example 192.168.10.253), then click Next.

9.

Check the box labeled Local Site Can Initiate Connections to Remote Site Using These Credentials.

10.

Enter the username, domain name, and password of the local user account in the remote site that was created in the previous steps and click Next.

11.

Add the network ranges of the remote network. For example, use 10.10.20.0 as the starting address and 10.10.20.255 as the ending address.

12.

Click Finish, Apply, and OK to save the changes.

13.

Repeat the procedure on the remote site server.

NOTE

Remember that the remote ISA server is governed by the VPN client settings on the local ISA Server, and the local ISA Server is governed by the VPN client settings on the remote ISA Server.

Creating Network and Firewall Rules

After the site-to-site VPN settings have been enabled on both systems, the appropriate network and firewall rules must be set up to allow the connection to take place. For procedures on how to configure these rules, skip to the section of this chapter titled "Configuring Network and Firewall Rules Between ISA Site Networks."

At this point, the PPTP tunnel is in place. If it's necessary to change the tunnel mode from PPTP to L2TP or IPSec Tunnel mode, the rule has to be reconfigured.

    Категории