ISA Server 2006 – IPsec Tunnel Mode Site-to-Site VPN Connections: A Couple of Things That Are Not Supported

Adrian Dimcev has written an interesting article about some limitations of IPsec tunnel mode support for site-to-site VPNs with ISA 2006 firewalls and VPN gateways. Adrian points out several issues with IPsec tunnel mode integration and connectivity to third-party VPN gateways:

  • Lack of support for Diffie-Hellman MODP Group 5 (we support the strong Group 14)
  • Lack of support for AES (will be included with the TMG)
  • A limitation in how networks are configured that makes certain scenarios difficult to support (such as a single IP address defining the Local Site Network)
  • Certificate checks limited to confirming the issuing CA of the certificate
  • ISA IPsec tunnel mode does not support compression
  • Overlapping subnets in site to site VPN scenarios

Check out Adrian’s full explanations of these issues over at:

http://www.carbonwind.net/ISA/IPsecTunnelModeNotSupportedThings/IPsecTunnelModeNotSupportedThings.htm

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com

PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: [email protected]
MVP — Forefront Edge Security (ISA/TMG/IAG)
