Here’s where I call a “my bad” on myself. I recently did a two part article on how to configure a site to site VPN connections using the new ISA 2006 firewall at the main and branch offices. In that article series, I went through all the step by step examples required to create the Remote Networks at both the main and branch offices.
What I didn’t realize is that there is a new integrated site to site VPN wizard that allows you to create an answer file that can be used by a non-technical user at the branch office. There are two steps:
- Create the answer file at the main office ISA firewall
- Run the appcfgwzd.exe application at the branch office and tell that application to use the answer file to create the connection
The answer file has all the information required and the branch office non-technical user only needs to run appcfgwzd to get things running. Even the most scripting-phobic ISA firewall admin can create a simple .bat file for the user to get things running.
I’ll do an update to the site to site VPN article that shows you how to use the branch office VPN wizard.
Most importantly, my apologies to the ISA Server dev team members who worked on this project — I’ve been hounding them since the release of ISA 2004 for a method to make creating a site to site VPN as easy as it was with ISA 2000 🙂
UPDATE: Check www.isaserver.org on August 22, 2006 and you’ll find an article on the new Branch Office Connectivity Wizard. Hope you like it!
Thomas W Shinder, M.D.
MVP — ISA Firewalls