Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed
A point-to-point tunneling protocol VPN connection is the most straightforward to set up and configure, and doesn't require an existing public key infrastructure (PKI) to be put into place, or some of the complex configuration options of the IPSec Tunnel Mode. On the flip side, PPTP VPN connections are the least secure of the three options. The following section details the steps involved in setting up a site-to-site VPN connection via PPTP. If selecting to use L2TP or IPSec Tunnel Mode, skip this section and proceed directly to the subsequent sections, "Configuring a Layer 2 Tunneling Protocol (L2TP) Site-to-Site VPN Connection Between Two ISA Servers in Remote Sites" or "Configuring ISA 2004 to Integrate with Third-Party VPN Tunnel Products." Configuring the PPTP Remote Site Network Definition on the ISA Servers
The first step in setting up a PPTP site-to-site VPN Connection is to configure the remote site network definition. To do this, perform the following steps:
NOTE Remember that the remote ISA server is governed by the VPN client settings on the local ISA Server, and the local ISA Server is governed by the VPN client settings on the remote ISA Server.
Creating Network and Firewall Rules
After the site-to-site VPN settings have been enabled on both systems, the appropriate network and firewall rules must be set up to allow the connection to take place. For procedures on how to configure these rules, skip to the section of this chapter titled "Configuring Network and Firewall Rules Between ISA Site Networks." At this point, the PPTP tunnel is in place. If it's necessary to change the tunnel mode from PPTP to L2TP or IPSec Tunnel mode, the rule has to be reconfigured. |