Announcement

Collapse
No announcement yet.

Remote Access for laptop users through ISA 2006

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Remote Access for laptop users through ISA 2006

    How can I configure isa 2006 to allow remote access to laptop users access and authenticate a. user and b. computer?

    Riptide

  • #2
    Re: Remote Access for laptop users through ISA 2006

    Are you looking for VPN or something else?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Remote Access for laptop users through ISA 2006

      The key elements for us are to be able to authenticate the username and password, but also the workstation (laptops that travel all over). Is this possible?

      I know that RRAS alone will do both. I have seen diagrams showing isa in front, followed by RRAS behind it. I will also have to announce for Exchange 2003 OWA, later announce for Exchange 2007 and the use of Outlook 2007 and Outlook anywhere, and allow remote access to file servers.

      As you can see, this is my first time at bat with this.

      Riptide

      Comment


      • #4
        Re: Remote Access for laptop users through ISA 2006

        The thing that jumps out at me would be using RADIUS authentication for VPN clients and creating an appropriate Remote Access Policy in IAS. That way only domain member machines would be allowed to connect and then you can use PEAP authentication to verify the username and password only if the machine is a permitted dial-in client.

        The alternative would be to use L2TP/IPSec VPNs so that only machines with an appropriate certificate could connect in, and the users would still have to provide username and password. This is probably the simpler option if you already have an internal PKI in place.

        RRAS can be placed behind ISA, however ISA sits on top of RRAS anyway so normal practice would be to configure the ISA Server for VPN Client Access which will in turn make the appropriate changes to RRAS. You should never try to manually edit RRAS settings on an ISA server, weird things can happen.
        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
        sigpic
        Cruachan's Blog

        Comment


        • #5
          Re: Remote Access for laptop users through ISA 2006

          I would go for the L2TP/IPSEC solution provided by Cruachan. Note that the ISA server should be domain joined.
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment

          Working...
          X