Publishing a VPN Server Walk-through

Posted in How to? by admin | March 1st, 2008


This walk-through guides you through the steps necessary to publish a VPN server using ISA Server 2004.

Publishing a VPN Server Walk-through Procedure 1: Configure the VPN Server

Before publishing the VPN server, you must configure the VPN server. This procedure takes place on the VPN server. To configure the VPN server, follow these steps.
1. Install and configure the VPN server. For information about how to install and configure a VPN server, see article 323441, "HOW TO: Install and Configure a Virtual Private Network Server in Windows Server 2003" (http://go.microsoft.com/fwlink/?LinkId=28085), in the Microsoft Knowledge Base.
2. On the VPN server, set the default gateway to the internal interface of the ISA Server computer.

After you configure the VPN server, perform one of the following procedures, depending on which VPN server you are publishing:
• Publishing a VPN Server Walk-through Procedure 2a: Publish VPN Over PPTP
• Publishing a VPN Server Walk-through Procedure 2b: Publish VPN Over L2TP/IPSec with NAT-T
• Publishing a VPN Server Walk-through Procedure 2c: Publish an L2TP Server

Publishing a VPN Server Walk-through Procedure 2a: Publish VPN Over PPTP

To publish a VPN server, you must create a server publishing rule on the ISA Server computer. To create a server publishing rule, follow these steps.
1. In the Microsoft ISA Server Management console tree, select Firewall Policy.
2. In the task pane, on the Tasks tab, select Create New Server Publishing Rule to start the New Server Publishing Rule Wizard.
3. On the Welcome page, type a name for the new server publishing rule. Use a descriptive name, such as Publish VPN server in Internal network using PPTP, and then click Next.
4. On the Select Server page, provide the IP address of the server that you are publishing, and then click Next.
5. On the Select Protocol page, in Selected protocol, select PPTP Server, and then click Next.
6. On the IP Addresses page, select the network IP addresses that will listen for requests intended for the published server. Because you are publishing the server to the Internet, select External. Click Next.
Note: By default, ISA Server will listen on all external IP addresses for VPN connections. If there is more than one IP address on the external interface of the ISA Server computer, and you want to control which IP address is published for VPN access, click the Address button to open the External Network Listener IP Selection dialog box, where you can choose to listen on specific IP addresses.
7. Review the information on the wizard summary page, and then click Finish.
8. In the Firewall Policy details pane, click Apply to apply the new server publishing rule.
Note: You can modify the properties of any rule by double-clicking the rule in the Firewall Policy details pane to open the rule properties dialog box.

Publishing a VPN Server Walk-through Procedure 2b: Publish VPN Over L2TP/IPSec with NAT-T

ISA Server will be performing NAT on all incoming packets, so when you use L2TP you must also use NAT traversal (NAT-T). All L2TP over IPSec clients must have the NAT-T update installed. For more information about the NAT-T update, see article 818043, "L2TP/IPSec NAT-T Update for Windows XP and Windows 2000" (http://go.microsoft.com/fwlink/?LinkId=28084), in the Microsoft Knowledge Base. Also, the VPN endpoint server must be running Windows Server 2003.
L2TP over IPSec requires two publishing rules: one rule publishes the Internet Key Exchange (IKE) negotiation, and a second rule publishes NAT-T.
This procedure assumes that you have already completed the VPN configuration, referenced in Publishing a VPN Server Walk-through Procedure 1: Configure the VPN Server.
Creating a rule to publish IKE negotiation

To create a rule to publish IKE negotiation, follow these steps.
1. In the Microsoft ISA Server Management console tree, select Firewall Policy.
2. In the task pane, on the Tasks tab, select Create New Server Publishing Rule to start the New Server Publishing Rule Wizard.
3. On the Welcome page, type a name for the new server publishing rule. Use a descriptive name, such as Publish IKE for L2TP/IPSec, and then click Next.
4. On the Select Server page, provide the IP address of the server that you are publishing, and then click Next.
5. On the Select Protocol page, in Selected protocol, select IKE Server, and then click Next.
6. On the IP Addresses page, select the network IP addresses that will listen for requests intended for the published server. Because you are publishing the server to the Internet, select External. Click Next.
Note: By default, ISA Server will listen on all external IP addresses for VPN connections. If there is more than one IP address on the external interface of the ISA Server computer, and you want to control which IP address is published for VPN access, click the Address button to open the External Network Listener IP Selection dialog box, where you can choose to listen on specific IP addresses.
7. Review the information on the wizard summary page, and then click Finish.
8. In the Firewall Policy details pane, click Apply to apply the new server publishing rule.
Note: You can modify the properties of any rule by double-clicking the rule in the Firewall Policy details pane to open the rule properties dialog box.

Creating a rule to publish NAT-T

To create a rule to publish NAT-T, follow these steps.
1. In the Microsoft ISA Server Management console tree, select Firewall Policy.
2. In the task pane, on the Tasks tab, select Create New Server Publishing Rule to start the New Server Publishing Rule Wizard.
3. On the Welcome page, type a name for the new server publishing rule. Use a descriptive name, such as NAT-T VPN Publishing for L2TP/IPSec, and then click Next.
4. On the Select Server page, provide the IP address of the server that you are publishing, and then click Next.
5. On the Select Protocol page, in Selected protocol, select IPSec NAT-T Server, and then click Next.
6. On the IP Addresses page, select the network IP addresses that will listen for requests intended for the published server. Because you are publishing the server to the Internet, select External. Click Next.
Note: By default, ISA Server will listen on all external IP addresses for VPN connections. If there is more than one IP address on the external interface of the ISA Server computer, and you want to control which IP address is published for VPN access, click the Address button to open the External Network Listener IP Selection dialog box, where you can choose to listen on specific IP addresses.
7. Review the information on the wizard summary page, and then click Finish.
8. In the Firewall Policy details pane, click Apply to apply the new server publishing rule.
Note: You can modify the properties of any rule by double-clicking the rule in the Firewall Policy details pane to open the rule properties dialog box.

Publishing a VPN Server Walk-through Procedure 2c: Publish an L2TP Server

When using L2TP without IPSec, there is no need for NAT traversal because IPSec is not used. L2TP itself offers no data encryption, so data will traverse the VPN unencrypted. ISA Server 2004 also requires an access rule for the outbound L2TP connections from the published server.
In addition to configuring the VPN server as described in Publishing a VPN Server Walk-through Procedure 1: Configure the VPN Server, you must disable the automatic L2TP over IPSec policy, as described in article 310109, "HOW TO: Disable the Automatic L2TP/IPSec Policy" (http://go.microsoft.com/fwlink/?LinkId=28086), in the Microsoft Knowledge Base. Disabling the automatic L2TP over IPSec policy requires that you add a registry key on the VPN server and on all clients.
Creating the server publishing rule

To create a server publishing rule, follow these steps.
1. In the Microsoft ISA Server Management console tree, select Firewall Policy.
2. In the task pane, on the Tasks tab, select Create New Server Publishing Rule to start the New Server Publishing Rule Wizard.
3. On the Welcome page, type a name for the new server publishing rule. Use a descriptive name, such as L2TP VPN Publishing without IPSec, and then click Next.
4. On the Select Server page, provide the IP address of the server that you are publishing, and then click Next.
5. On the Select Protocol page, in Selected protocol, select L2TP Server, and then click Next.
6. On the IP Addresses page, select the network IP addresses that will listen for requests intended for the published server. Because you are publishing the server to the Internet, select External. Click Next.
Note: By default, ISA Server will listen on all external IP addresses for VPN connections. If there is more than one IP address on the external interface of the ISA Server computer, and you want to control which IP address is published for VPN access, click the Address button to open the External Network Listener IP Selection dialog box, where you can choose to listen on specific IP addresses.
7. Review the information on the wizard summary page, and then click Finish.
Note: You can modify the properties of any rule by double-clicking the rule in the Firewall Policy details pane to open the rule properties dialog box.

Creating the access rule

To create an access rule, follow these steps.
1. In the Microsoft ISA Server Management console tree, select Firewall Policy.
2. In the task pane, on the Tasks tab, select Create New Access Rule to start the New Access Rule Wizard.
3. On the Welcome page of the wizard, enter the name for the access rule. Use a descriptive name, such as Allow L2TP from L2TP VPN Server, and then click Next.
4. On the Rule Action page, select Allow, and then click Next.
5. On the Protocols page, in This rule applies to, select Selected protocols, and then use the Add button to open the Add Protocols dialog box.
6. In the Add Protocols dialog box, expand All Protocols, and select L2TP Client. Click Add, and then click Close to close the Add Protocols dialog box.
7. On the Protocols page, click Next.
8. On the Access Rule Sources page, click Add to open the Add Network Entities dialog box.
9. In the Add Network Entities dialog box, click New, and then click Computer.
10. In the New Computer Rule Element dialog box, provide the name of the new computer, L2TP VPN Server, and its IP address, and then click OK.
11. In the Add Network Entities dialog box, expand Computers, select L2TP VPN Server, click Add, and then click Close. On the Access Rule Sources page, click Next.
12. On the Access Rule Destinations page, click Add to open the Add Network Entities dialog box, click Networks, select External, click Add, and then click Close. On the Access Rule Destinations page, click Next.
13. On the User Sets page, leave the default user set All Users in place, and then click Next.
14. Review the information on the wizard summary page, and then click Finish.
15. In the Firewall Policy details pane, click Apply to apply the new access rule and the server publishing rule you created previously.
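The three procedures above each come down to a fixed set of publishing rules per VPN mode: PPTP Server (TCP 1723 plus GRE) for Procedure 2a, IKE Server (UDP 500) together with IPSec NAT-T Server (UDP 4500) for Procedure 2b, and L2TP Server (UDP 1701) plus the outbound L2TP Client access rule for Procedure 2c. The following Python script is an added example, not part of the original walk-through and not ISA Server's own administration API: it models a rule set as plain records and reports which of the rules a given mode needs are missing, disabled or not listening on the External network, and flags the plain-L2TP case as unencrypted. The rule classes, the field names and the sample rules with the 10.0.0.x addresses are constructed for illustration; the protocol definition names and their ports are the ones the wizard uses.

```python
from dataclasses import dataclass

# Transport used by each protocol definition the wizard offers. GRE is IP
# protocol 47 and has no port; the others are (transport, port) pairs.
PROTOCOL_DEFS = {
    "PPTP Server": (("tcp", 1723), ("gre", None)),
    "IKE Server": (("udp", 500),),
    "IPSec NAT-T Server": (("udp", 4500),),
    "L2TP Server": (("udp", 1701),),
}

# Server publishing rules each VPN mode in the walk-through requires.
VPN_MODES = {
    "pptp": ("PPTP Server",),
    "l2tp-ipsec-nat-t": ("IKE Server", "IPSec NAT-T Server"),
    "l2tp-plain": ("L2TP Server",),
}


@dataclass(frozen=True)
class ServerPublishingRule:      # constructed model, not ISA's object model
    name: str
    protocol: str                # a PROTOCOL_DEFS key
    server_ip: str               # internal server the rule forwards to
    listener: str                # network the rule listens on
    enabled: bool = True


@dataclass(frozen=True)
class AccessRule:                # constructed model for Procedure 2c's access rule
    name: str
    protocol: str                # e.g. "L2TP Client"
    source_ip: str
    destination: str             # e.g. "External"
    action: str = "Allow"
    enabled: bool = True


def listener_ports(mode):
    """Transport/port pairs the External listener must accept for `mode`."""
    return [pair for proto in VPN_MODES[mode] for pair in PROTOCOL_DEFS[proto]]


def check_vpn_publishing(pub_rules, access_rules, mode, server_ip):
    """Return findings for publishing `server_ip` in `mode`; [] means complete."""
    findings = []
    for proto in VPN_MODES[mode]:
        matches = [r for r in pub_rules
                   if r.protocol == proto and r.server_ip == server_ip]
        if not matches:
            findings.append(f"missing: no '{proto}' publishing rule for {server_ip}")
            continue
        if not any(r.enabled for r in matches):
            findings.append(f"disabled: '{proto}' rule(s) for {server_ip} are not enabled")
        elif not any(r.enabled and r.listener == "External" for r in matches):
            findings.append(f"listener: '{proto}' rule for {server_ip} does not listen on External")
    if mode == "l2tp-plain":
        # Procedure 2c: plain L2TP also needs the outbound access rule, and
        # the tunnel carries no encryption of its own.
        outbound = [a for a in access_rules
                    if a.enabled and a.action == "Allow" and a.protocol == "L2TP Client"
                    and a.source_ip == server_ip and a.destination == "External"]
        if not outbound:
            findings.append(f"missing: no access rule allowing L2TP Client from {server_ip} to External")
        findings.append("warning: plain L2TP carries no encryption; tunnel traffic crosses the Internet in the clear")
    return findings


# Constructed sample rule set; the NAT-T rule is deliberately left disabled.
SAMPLE_PUB_RULES = [
    ServerPublishingRule("Publish VPN server in Internal network using PPTP",
                         "PPTP Server", "10.0.0.5", "External"),
    ServerPublishingRule("Publish IKE for L2TP/IPSec", "IKE Server", "10.0.0.5", "External"),
    ServerPublishingRule("NAT-T VPN Publishing for L2TP/IPSec", "IPSec NAT-T Server",
                         "10.0.0.5", "External", enabled=False),
    ServerPublishingRule("L2TP VPN Publishing without IPSec", "L2TP Server", "10.0.0.6", "External"),
]
SAMPLE_ACCESS_RULES = [
    AccessRule("Allow L2TP from L2TP VPN Server", "L2TP Client", "10.0.0.6", "External"),
]

if __name__ == "__main__":
    for mode, ip in (("pptp", "10.0.0.5"), ("l2tp-ipsec-nat-t", "10.0.0.5"), ("l2tp-plain", "10.0.0.6")):
        print(mode, ip, listener_ports(mode))
        for line in check_vpn_publishing(SAMPLE_PUB_RULES, SAMPLE_ACCESS_RULES, mode, ip) or ["ok"]:
            print("   ", line)
```

With the sample data the PPTP check passes, the L2TP/IPSec check reports the disabled NAT-T rule (IKE alone would let negotiation start and the tunnel then fail, which is the half-configured state this check is meant to catch), and the plain L2TP check passes but still carries the unencrypted-traffic warning. The `listener_ports` output is the list to compare against any upstream router or ISP filter in front of the ISA Server's external interface.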

ISA Server 2006 Lab from Microsoft Tech-Ed 2006

Introduction to ISA Server
Configuring Outbound Internet Access
Publishing Web Servers and Other Servers
Publishing an Exchange Server
Enabling VPN Connections
ISA Server 2006 as Branch Office Gateway
Enterprise Management of ISA Servers
Configuring Load Balancing
Using Monitoring, Logging

http://www.microsoft.com/events/teched2006/default.mspx

http://rapidshare.com/files/4052881/l-mstisl.r00
http://rapidshare.com/files/4052748/l-mstisl.r01
http://rapidshare.com/files/4052858/l-mstisl.r02
http://rapidshare.com/files/4052777/l-mstisl.r03
http://rapidshare.com/files/4052818/l-mstisl.r04
http://rapidshare.com/files/4052751/l-mstisl.r05
http://rapidshare.com/files/4052771/l-mstisl.r06
http://rapidshare.com/files/4052788/l-mstisl.r07
http://rapidshare.com/files/4052830/l-mstisl.r08
http://rapidshare.com/files/4052736/l-mstisl.r09
http://rapidshare.com/files/4052739/l-mstisl.r10
http://rapidshare.com/files/4052801/l-mstisl.r11
http://rapidshare.com/files/4052863/l-mstisl.r12
http://rapidshare.com/files/4052809/l-mstisl.r13
http://rapidshare.com/files/4052726/l-mstisl.r14
http://rapidshare.com/files/4052838/l-mstisl.r15
http://rapidshare.com/files/4052815/l-mstisl.r16
http://rapidshare.com/files/4052803/l-mstisl.r17
http://rapidshare.com/files/4052780/l-mstisl.r18
http://rapidshare.com/files/4052793/l-mstisl.r19
http://rapidshare.com/files/4052870/l-mstisl.r20
http://rapidshare.com/files/4052822/l-mstisl.r21
http://rapidshare.com/files/4052791/l-mstisl.r22
http://rapidshare.com/files/4052713/l-mstisl.r23
http://rapidshare.com/files/4052804/l-mstisl.r24
http://rapidshare.com/files/4052764/l-mstisl.r25
http://rapidshare.com/files/4052749/l-mstisl.r26
http://rapidshare.com/files/4052783/l-mstisl.r27
http://rapidshare.com/files/4052782/l-mstisl.r28
http://rapidshare.com/files/4052812/l-mstisl.r29
http://rapidshare.com/files/4052834/l-mstisl.r30
http://rapidshare.com/files/4052823/l-mstisl.r31
http://rapidshare.com/files/4052856/l-mstisl.r32
http://rapidshare.com/files/4052824/l-mstisl.r33
http://rapidshare.com/files/4052797/l-mstisl.r34
http://rapidshare.com/files/4052792/l-mstisl.r35
http://rapidshare.com/files/4052794/l-mstisl.r36
http://rapidshare.com/files/4052707/l-mstisl.r37
http://rapidshare.com/files/4052795/l-mstisl.rar
