Configuring Gateway to Gateway L2TP/IPSec VPNs Part 1: Configuring the Infrastructure

Configuring a gateway to gateway VPN is easy using ISA Server. The reason why it’s so easy is that the Local and Remote VPN Wizards make the setup a virtual no-brainer. Well, it’s a no-brainer when you’re configuring PPTP VPN gateways. But if you’re in the market for a high security L2TP/IPSec gateway to gateway VPN, you probably have either been trying to avoid it like the plague or you are pulling your hair out trying to figure out how to make it work!

Configuring authentication methods for ISA

It is important to have some sort of authentication method when using clients to access a resource through ISA, not doing so could result in unauthorized access to resources in or outside of your network. ISA has various methods of authenticating clients, I have discussed this in a previous tutorial (Understanding ISA’s different Authentication types). I will tutor you on how to configure various authentication types best suited for your ISA server. While showing you in five easy steps, how to configure the various authentication types, I will not go into too much detail on each authentication type. For more comprehensive on authentication types information please refer to my previous tutorial (Understanding ISA’s different Authentication types).

Configuring alerts to notify the administrator through email

As part of monitoring, it is vital that you get alerted when there is an intrusion or an attack taking place on your network. ISA has methods of identifying when an attack is attempted or taking place on your network. ISA Server compares network traffic and log entries to well-known attack methods that are used by hackers. ISA also has the capability of taking actions when these attacks are taking place.

Configuring Firewall Chains

ISA Server supports both distributed and hierarchical caching. In distributed caching, the ISA Server cache is distributed among array members. In hierarchical caching, different ISA Servers or arrays can connect to other ISA Servers or arrays for cached data access, or eventual access to the Internet. The array closest to the Internet is considered the "upstream" array while the array that is most far from the Internet is considered the "downstream" array. Aside from caching, a chained configuration can provide authentication functions as well.

Scroll to Top