Complete List of ISA Server 2000 VPN Deployment Kit Documents
August 7 2003
Below is a complete list of the ISA Server 2000 VPN Deployment Kit documents. The documents are divided into the following groups:
I will continue to update this list as we add new documents based on your input. The ISA Server 2000 VPN Deployment Kit documents are also updated on a daily basis as ISA Server firewall admins write in with suggestions and requests for corrections and enhancements.
If you have some ideas for new documents to include in the list, or would like to submit a correction or suggestion, just send me a note at tshinder@isaserver.org and I’ll take care of it. Our goal is to put all the ISA Server 2000 related VPN information into a central clearing house that provides you with the step by step, no-nonsense, how-to information you need to get the job done, and get it done faster!
VPN Deployment Guide Concept Documents
1. ISA Server 2000 VPN Deployment Kit Table of Contents
This document contains a complete list of the 30 documents that comprise the
ISA Server 2000 VPN Deployment Kit.
2. VPN Network Design Concepts – Overview of VPN Networking Designs for Small and Medium Sized Business
This document provides a high level and conceptual overview of VPN networking,
what it does and how it works. Basic network infrastructure elements such as
routers, front end firewalls, network addressing, WINS, DNS, routing tables,
DHCP, RADIUS, Active Directory, and PKI are discussed.
This is a high level discussion. For detailed information on Windows 2000 and
Windows Server 2003 VPN client/server and VPN gateway to gateway (“site to
site”) networking, please visit www.microsoft.com/vpn.
3. Applying the ISA Server 2000 VPN Deployment Kit to VPN Network Scenarios – Using the VPN Deployment Kit Documents that apply to your network design
This document provides an approach you can use to get
the most out of the ISA Server 2000 VPN Deployment Kit documents. Several
common scenarios are described. You then match your
scenario with the one described and pull out only the ISA Server 2000 VPN
Deployment Kit documents that pertain to your configuration. The goal is that
you are exposed to a minimum amount of information
that is irrelevant to your own scenario.
VPN Client Configuration Documents
4. Setting Up the Windows 98 PPTP and L2TP/IPSec Client
This document includes all the details and step by step instructions required
to make a Windows 98 computer a PPTP or L2TP/IPSec VPN client to an ISA Server
firewall/VPN server.
5. Setting Up the Windows 98SE PPTP and L2TP/IPSec Client
This document includes all the details and step by step instructions required
to make a Windows 98SE computer a PPTP or L2TP/IPSec VPN client to an ISA
Server firewall/VPN server.
6. Setting Up the Windows ME PPTP and L2TP/IPSec Client
This document includes all the details and step by step instructions required to
make a Windows ME computer a PPTP or L2TP/IPSec VPN client to an ISA Server
firewall/VPN server.
7. Setting Up the Windows NT Workstation 4.0 PPTP and L2TP/IPSec Client
This document includes all the details and step by step instructions required
to make a Windows NT 4.0 Workstation computer a PPTP or L2TP/IPSec VPN client
to an ISA Server firewall/VPN server.
8. Setting Up the Windows 2000 PPTP and L2TP/IPSec Client
This document includes all the details and step by step instructions required
to make a Windows 2000 computer a PPTP or L2TP/IPSec VPN client to an ISA
Server firewall/VPN server.
9. Setting Up the Windows Server 2003 PPTP and L2TP/IPSec Client
This document includes all the details and step by step instructions required
to make a Windows Server 2003 computer a PPTP or L2TP/IPSec VPN client to an
ISA Server firewall/VPN server.
10. Setting Up the Windows XP PPTP and L2TP/IPSec Client
This document includes all the details and step by step instructions required
to make a Windows XP computer a PPTP or L2TP/IPSec VPN client to an ISA Server
firewall/VPN server.
11. Configuring the ISA Server Firewall/VPN Server to Support L2TP/IPSec NAT Traversal Client Connections
This document discusses packet filters required on the ISA Server firewall/VPN
server to allow incoming VPN connection requests from external L2TP/IPSec
clients using IPSec NAT-T. Detailed instructions on how to supplement the packet
filters created by the ISA Server 2000 VPN Server Wizard are included.
12. Configuring the ISA Firewall/VPN Server to Support Outbound L2TP/IPSec NAT-T Connections
This document discusses Protocol Definitions and Protocol Rules required to
allow L2TP/IPSec VPN clients on the internal network outbound access to an
L2TP/IPSec VPN server on the Internet. Clients on the internal network are
configured with IETF RFC compliant IPSec NAT-T VPN client software.
13. Forcing Firewall Policy on VPN Clients
This document discusses procedures required to safely and securely allow VPN
clients to access the Internet while they are connected
to the corporate network via a VPN link. The procedures described in this
document prevent VPN clients from compromising the network via split tunneling.
14. Configuring VPN Clients to Support Network Browsing
This document provides a description of the problem of using Network
Neighborhood or My Network Places to browse the private network when connected
via a VPN link. Solutions to the network browsing problem, as well as solutions
to the authentication issue when accessing internal network resources are presented.
15. Configuring the DHCP Relay Agent to Support VPN Client TCP/IP Addressing Options
This document discusses how to configure a DHCP Relay
Agent on the ISA Server firewall/VPN server so that DHCP options such as WINS
and DNS server addresses can be assigned to the VPN client. This article also
discusses important DNS name resolution issues and how to solve them using the domain
name DHCP option.
16. Using the Connection Manager Administrator Kit (CMAK) to Streamline VPN Client Configuration
This document provides detailed step by step instructions on how to use the
Connection Manager Administration Kit (CMAK) to create VPN Dial-up Networking
links (connectoids) for your VPN users. CMAK allows you to create the VPN
connectoids for the users so that users are not confused by running the Dial-up
Networking Wizard on their own computers.
VPN Server Configuration Documents
17. Installing and Configuring ISA Server 2000 on Windows Server 2003
This document provides detailed step by step instructions on how to install ISA
Server 2000 on a Windows Server 2003 machine. A short discussion of important
configuration options is included.
18. Configuring the Windows Server 2003 ISA Server 2000/VPN Server
This document provides detailed step by step instructions on how to set up and
configure the Windows Server 2003 based ISA Server 2000 firewall to be a VPN server.
The ISA Server 2000 VPN Server Wizard and custom configuration of the VPN
server components are discussed.
19. Creating Routing and Remote Access Policy and Remote Access Permissions in Windows Server 2003 – Including EAP-TLS Authentication for PPTP and L2TP/IPSec Clients
This document explains how to create a Remote Access Policy on the ISA Server
firewall/VPN server to support incoming VPN client calls. Advanced topics
including EAP/TLS certificate-based user authentication are
also discussed.
20. Installing and Configuring Windows Server 2003 RADIUS Support for VPN Clients – Including Support for EAP/TLS Authentication
This document discusses creating Remote Access Policy on a Windows Server 2003
RADIUS Server and configuring the ISA Server firewall/VPN server to apply
RADIUS authentication and RAS policy to incoming VPN client requests. Advanced
topics including EAP/TLS certificate-based user authentication are also discussed.
21. Installing and Configuring a Windows Server 2003 Standalone Certification Authority
This document provides detailed step by step instructions on how to install and
configure a Windows Server 2003 standalone certification authority (CA).
Standalone and enterprise CAs are compared and contrasted in this article.
22. Installing and Configuring a Windows Server 2003 Enterprise Certification Authority
This document provides detailed step by step instructions on how to install and
configure a Windows Server 2003 enterprise certification authority (CA).
Standalone and enterprise CAs are compared and contrasted in this article.
23. Obtaining a Machine Certificate via Web Enrollment from a Windows Server 2003 Standalone CA
This document provides detailed step by step instructions on how to obtain a
machine certificate that you can use to create an L2TP/IPSec VPN connection
with the ISA Server firewall/VPN server via a standalone CA’s Web enrollment
site.
24. Obtaining a Machine Certificate via Web Enrollment from a Windows Server 2003 Enterprise CA
This document provides detailed step by step instructions on how to obtain a
machine certificate that you can use to create an L2TP/IPSec VPN connection
with the ISA Server firewall/VPN server via an enterprise CA’s Web enrollment
site.
25. Assigning Certificates to Domain Members via Autoenrollment in a Windows Server 2003 Active Directory Domain
This document provides detailed step by step instructions on how to configure
domain Group Policy to automatically assign computer and user certificates that
can be used to create L2TP/IPSec connections and certificate-based EAP/TLS user
authentication.
26. Publishing a Windows Server 2003 Certification Authority Web Enrollment Site and Certificate Revocation List
This document provides detailed step by step instructions on how to publish a
standalone CA Web enrollment site so that external clients can request and
obtain a machine certificate that can be used to
create L2TP/IPSec VPN connections to the ISA Server firewall/VPN server. This
article also includes detailed information on how to publish the Certificate
Revocation List (CRL).
27. Configuring the VPN Client and Server to Support Certificate-Based PPTP EAP-TLS Authentication
This document provides detailed step by step instructions on how to set up the
VPN client computer to obtain a user certificate for certificate-based EAP/TLS
authentication and how to configure the VPN Dial-up Networking connectoid to
present this certificate to the ISA Server firewall/VPN server.
VPN Gateway Configuration Documents
28. Connecting Networks over the Internet with a Gateway to Gateway VPN: Scenario 1 – ISA Server 2000 Firewall/VPN Servers at Local and Remote Sites
This document provides detailed step by step instructions on how to set up and
configure a gateway to gateway VPN link that joins two networks over the
Internet. This “site to site” connection allows network hosts on each side of
the gateway to gateway link to communicate with one another as if they were on
the same LAN.
VPN Failover and Fault Tolerance Documents
29. Configuring Fault Tolerance and Load Balancing for ISA Firewall/VPN Servers
This document provides detailed step by step instructions on how to create an ISA
Server firewall/VPN server NLB array. The NLB array provides fault tolerance,
load balancing and transparent failover for incoming PPTP and L2TP/IPSec VPN
connections. The Windows Server 2003 NLB and ISA Server-based VPN is one of the
“killer applications” of ISA Server based firewalls.
VPN in DMZ Environment Documents
30. Allowing Inbound L2TP/IPSec Connections Through a Back to Back ISA Server 2000/Windows Server 2003 DMZ
This document discusses issues involved in creating inbound VPN connections to
an ISA Server firewall/VPN server located behind a front-end firewall. Windows
Server 2003 support for IETF RFC compliant IPSec NAT Traversal has greatly
expanded the number of environments Windows-based VPN clients can create
L2TP/IPSec connections from. This article provides step by step details on how
to configure the DMZ firewalls and VPN server.