VPN server using ISA 2004 behind checkpoint


  • VPN server using ISA 2004 behind checkpoint

    Dear All,

    I have one server with ISA 2004; the server is in the DMZ zone and behind a Checkpoint firewall. I want to make a VPN server on ISA 2004. Can I build a VPN server using ISA 2004, and how do I configure Checkpoint and ISA 2004?
    Thx for the help...

  • #2
    http://www.isaserver.org/articles/2004pubvpn.html

    Further, on Checkpoint do something like this:

    from anywhere
    to isaserver
    allow access
    service: PPTP - L2TP/IPSec

    From isaserver
    to lan
    allow access
    service: (what you want)
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"
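
The two rules in reply #2, worked through as an added example (not part of the original post, and not a Check Point export format): a first-match evaluation showing which packets reach the ISA server once the service names are expanded to protocols and ports. The addresses, the rule model, the `decide` helper, the explicit cleanup rule and the use of RDP for "what you want" are all assumptions made for illustration.

```python
# Added illustration; the rule/packet model is hypothetical, not a Check Point format.
from ipaddress import ip_address, ip_network

# Service names from the post, expanded to (IP protocol, destination port).
# Protocol numbers: 6 = TCP, 17 = UDP, 47 = GRE, 50 = ESP; port None = no ports.
# L2TP's own UDP 1701 travels inside ESP, so the firewall never sees it.
SERVICES = {
    "PPTP": {(6, 1723), (47, None)},
    "L2TP/IPSec": {(17, 500), (17, 4500), (50, None)},
    "RDP": {(6, 3389)},  # assumed stand-in for "what you want" in the second rule
}

# Constructed addresses: ISA server in the DMZ, internal LAN behind it.
ISA = ip_network("192.0.2.10/32")
LAN = ip_network("10.0.0.0/24")
ANY = ip_network("0.0.0.0/0")

RULEBASE = [
    {"src": ANY, "dst": ISA, "services": ["PPTP", "L2TP/IPSec"], "action": "accept"},
    {"src": ISA, "dst": LAN, "services": ["RDP"], "action": "accept"},
    {"src": ANY, "dst": ANY, "services": None, "action": "drop"},  # cleanup rule
]

def decide(src, dst, proto, dport=None, rulebase=RULEBASE):
    """Return (rule number, action) of the first rule matching the packet."""
    for number, rule in enumerate(rulebase, start=1):
        if ip_address(src) not in rule["src"] or ip_address(dst) not in rule["dst"]:
            continue
        if rule["services"] is None:  # rule applies to any service
            return number, rule["action"]
        allowed = set().union(*(SERVICES[name] for name in rule["services"]))
        # GRE and ESP carry no ports, so they match on protocol number alone.
        key = (proto, dport if proto in (6, 17) else None)
        if key in allowed:
            return number, rule["action"]
    return None, "drop"  # nothing matched

if __name__ == "__main__":
    for pkt in [("203.0.113.5", "192.0.2.10", 6, 1723),   # PPTP control
                ("203.0.113.5", "192.0.2.10", 47, None),  # PPTP data (GRE)
                ("203.0.113.5", "192.0.2.10", 17, 4500),  # IPsec NAT-T
                ("203.0.113.5", "192.0.2.10", 6, 3389),   # not a VPN service
                ("203.0.113.5", "10.0.0.20", 6, 3389),    # Internet straight to LAN
                ("192.0.2.10", "10.0.0.20", 6, 3389)]:    # ISA to LAN
        print(pkt, decide(*pkt))
```

Only the VPN protocols reach the ISA server from outside, and the LAN is reachable only from the ISA server, so the width of the second rule's service list decides what a connected VPN client can touch.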



    • #3
      Why don't you make the Checkpoint firewall a VPN server?
      That way, you don't have to configure your ISA server to be a VPN server.
      And Checkpoint is by far the best Firewall/VPN solution I know.



      • #4
        I completely agree with Greel.

        For best security:

        Buy Checkpoint secure client licenses.
        Buy tokens/smartcard.
        With secure client, there also comes a server application which can validate the tokens (forgotten the name), which is free when you bought secure client.


        Do not use RADIUS validation. If a notebook has been stolen, the thief only needs to guess the password, and he's in. With tokens, the "password" randomizes every minute (for example).
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"
