|VPN on ISA
You can configure the user account properties for VPN access by using
Active Directory Users and Computers or by configuring the local computer that
is running ISA Server. To configure the user account for VPN access, check
Allow access or Control access through
Remote Access Policy
under Dial-in tab.
To configure the computer that is running ISA Server as a VPN server, you
must do all the following:
1. Configure VPN client access.
2. Create a VPN access rule.
3. Verify the VPN network rule.
Symptom: you create VPN in ISA server and the VPN
clients use different IP range from the LAN. For example, the LAN IPs are
10.X.X.X and the VPN client IPs are 192.168.1.X.
Resolution: you need to add routing table
entries pointing to the internal interface of the ISA server for the off
subnet network ID. You can add these manually, or use a routing protocol such
as RIP or OSPF.
Interoperability of RRAS and ISA
If you install ISA Server 2004 on a computer that is running
2000/2003 server, ISA Server takes control of the Routing and Remote Access
service configuration. However, there are some Routing and Remote Access
parameters, such as the Routing and Remote Access tracing level, that are not
available through the ISA Server Management snap-in. These parameters can be
set directly through Routing and Remote Access.
To permits network traffic between two networks in both directions, you may
want to create Policy Rule. This behavior might be helpful when you configure
VPN client connections.