Maximum allowed VPN over ISA2004

  • Maximum allowed VPN over ISA2004

    Well,

    I've 3 nice questions that I'm currently breaking my head over..
    I've already had some sleepless nights about it...

    One of our customers has a single ISA 2004 Standard Edition server. ISA 2004 runs on a machine with a 3.8 GHz CPU and has 1 GB of memory.

    The system has 5 GB of remaining disk space on drive C and 57 GB on drive D.

    Now here are the questions I need answers for, before making an advisory to the customer.

    Question 1)
    Is it possible to allow 200 - 400 VPN client connections at once (all at the same time), including checking whether each client is safe, or else whether it needs to be placed in Quarantine?

    Question 2)
    What's the bandwidth usage each VPN tunnel consumes? This is still without any data transfer or anything. So how much bandwidth is needed to open a VPN connection?

    For example, if the connection uses 64 KB of the bandwidth to set up/keep the connection, you only need a 12 Mb connection to receive all those connections.

    If anyone knows an article about it, please let me know as soon as possible. Even some of our specialists almost fell off their chairs when I asked those questions.

    I personally think you need a huge bandwidth line (at least a 32 MB connection) and an array of about 5 - 6 ISA 2004 Enterprise servers, but this is guessing at this moment. Also, we would like to use L2TP, so think also about encrypting, decrypting, routing and so on.

    Question 3)
    How can we make sure that all ports on the client are blocked when the connection has been set up?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"


  • #2
    Re: Maximum allowed VPN over ISA2004

    1. Please review:

    http://www.rimapp.com/docs/ISA2004In...tive_Quick.pdf

    http://www.microsoft.com/technet/pro...uarantine.mspx

    2.

    http://www.microsoft.com/technet/Sec.../isaprfbp.mspx

    3. You may need to customize Quarantine Control script or GPO:

    http://www.microsoft.com/technet/pro...uarantine.mspx

    I think that 2 ISA Ent. with 1x 3.4 GHZ + 2 MB CACHE + 4 GB RAM will resolve this scenario.

    Servers:

    2x ISA Server:

    HP 380 G4 High Performance Model
    1* 3.4 GHZ + 2 MB Cache or 2* 3.4 GHZ + 2 MB Cache
    Floppy + DVD
    4* 1 GB RAM, DDR 3200
    Advanced ILO2 License
    HP ProLiant Battery Write Cache Enabler for SA6i
    2* 74 GB 15000 RPM
    2* 146 GB 15000 RPM (If you use it also for proxy)
    HP SCSI Duplex Kit
    Dual Power Supply
    Redundant fan options Kit
    64 Bit/133 MHZ Dual Channel Ultra320 SCSI Adapter for backup library
    Rack Kit
    Optional - 24/7 Warranty on Site



    Please send the server hardware configurations for HP 385 With Dual\One
    CPU's AMD 265 Opteron 1.8-2.2 GHZ, Dual Core




    Software:

    Operating System:

    2x Windows 2003 R2 Standard Open B

    2x ISA 2004 Enterprise

    2x Trend Antivirus for ISA 2004
    Last edited by yuval14; 17th November 2005, 16:52.
    Best Regards,

    Yuval Sinay

    LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14



    • #3
      Re: Maximum allowed VPN over ISA2004

      Thanks Yuval..

      They're also used as proxy servers... currently there is 1 ISA 2004 Standard running in mixed mode
      Marcel


      • #4
        Re: Maximum allowed VPN over ISA2004

        An additional add-on:
        http://www.microsoft.com/technet/pro...practices.mspx

        Also.. the customer wants Dell, so I think a recommendation of 2 Dell PowerEdge 2850 would do the trick..

        With a 100 MB internet link (they already have it, says another system admin) there probably won't be any problem setting this up..

        Now, only securing the local client will probably give some problems. All local computers, not in a domain environment... so no GPO or anything like that is possible..

        Well, always look at the bright side of life...
        Last edited by Dumber; 18th November 2005, 13:36.
        Marcel