Complete List of ISA Server 2000 VPN Deployment Kit Documents

August 7 2003

 

Below is a complete list of the ISA Server 2000 VPN Deployment Kit documents. The documents are divided into the following groups:

 

 

I will continue to update this list as we add new documents based on your input. The ISA Server 2000 VPN Deployment Kit documents are also updated on a daily basis as ISA Server firewall admins write in with suggestions and requests for corrections and enhancements.

 

If you have some ideas for new documents to include in the list, or would like to submit a correction or suggestion, just send me a note at tshinder@isaserver.org and I’ll take care of it. Our goal is to put all the ISA Server 2000 related VPN information into a central clearing house that provides you with the step by step, no-nonsense, how-to information you need to get the job done, and get it done faster!

 

VPN Deployment Guide Concept Documents

 

1.       ISA Server 2000 VPN Deployment Kit Table of Contents
This document contains a complete list of the 30 documents that comprise the ISA Server 2000 VPN Deployment Kit.

 

2.       VPN Network Design Concepts – Overview of VPN Networking Designs for Small and Medium Sized Business
This document provides a high-level, conceptual overview of VPN networking, what it does and how it works. Basic network infrastructure elements such as routers, front end firewalls, network addressing, WINS, DNS, routing tables, DHCP, RADIUS, Active Directory, and PKI are discussed. This is a high-level discussion. For detailed information on Windows 2000 and Windows Server 2003 VPN client/server and VPN gateway to gateway (“site to site”) networking, please visit www.microsoft.com/vpn.

 

3.       Applying the ISA Server 2000 VPN Deployment Kit to VPN Network Scenarios – Using the VPN Deployment Kit Documents that apply to your network design
This document provides an approach you can use to get the most out of the ISA Server 2000 VPN Deployment Kit documents. Several common scenarios are described. You then match your scenario with the one described and pull out only the ISA Server 2000 VPN Deployment Kit documents that pertain to your configuration. The goal is that you are exposed to a minimum amount of information that is irrelevant to your own scenario.

 

VPN Client Configuration Documents

 

4.       Setting Up the Windows 98 PPTP and L2TP/IPSec Client
This document includes all the details and step by step instructions required to make a Windows 98 computer a PPTP or L2TP/IPSec VPN client to an ISA Server firewall/VPN server.

 

5.       Setting Up the Windows 98SE PPTP and L2TP/IPSec Client
This document includes all the details and step by step instructions required to make a Windows 98SE computer a PPTP or L2TP/IPSec VPN client to an ISA Server firewall/VPN server.

 

6.       Setting Up the Windows ME PPTP and L2TP/IPSec Client
This document includes all the details and step by step instructions required to make a Windows ME computer a PPTP or L2TP/IPSec VPN client to an ISA Server firewall/VPN server.

 

7.       Setting Up the Windows NT Workstation 4.0 PPTP and L2TP/IPSec Client
This document includes all the details and step by step instructions required to make a Windows NT 4.0 Workstation computer a PPTP or L2TP/IPSec VPN client to an ISA Server firewall/VPN server.

 

8.       Setting Up the Windows 2000 PPTP and L2TP/IPSec Client
This document includes all the details and step by step instructions required to make a Windows 2000 computer a PPTP or L2TP/IPSec VPN client to an ISA Server firewall/VPN server.

 

9.       Setting Up the Windows Server 2003 PPTP and L2TP/IPSec Client
This document includes all the details and step by step instructions required to make a Windows Server 2003 computer a PPTP or L2TP/IPSec VPN client to an ISA Server firewall/VPN server.

 

10.   Setting Up the Windows XP PPTP and L2TP/IPSec Client
This document includes all the details and step by step instructions required to make a Windows XP computer a PPTP or L2TP/IPSec VPN client to an ISA Server firewall/VPN server.

 

11.   Configuring the ISA Server Firewall/VPN Server to Support L2TP/IPSec NAT Traversal Client Connections
This document discusses the packet filters required on the ISA Server firewall/VPN server to allow incoming VPN connection requests from external L2TP/IPSec clients using IPSec NAT-T. Detailed instructions on how to supplement the packet filters created by the ISA Server 2000 VPN Server Wizard are included.

 

12.   Configuring the ISA Firewall/VPN Server to Support Outbound L2TP/IPSec NAT-T Connections
This document discusses the Protocol Definitions and Protocol Rules required to allow L2TP/IPSec VPN clients on the internal network outbound access to L2TP/IPSec VPN servers on the Internet. Clients on the internal network are configured with IETF RFC compliant IPSec NAT-T VPN client software.

 

13.   Forcing Firewall Policy on VPN Clients
This document discusses procedures required to safely and securely allow VPN clients to access the Internet while they are connected to the corporate network via a VPN link. The procedures described in this document prevent VPN clients from compromising the network via split tunneling.

 

14.   Configuring VPN Clients to Support Network Browsing
This document provides a description of the problem of using Network Neighborhood or My Network Places to browse the private network when connected via a VPN link. Solutions to the network browsing problem, as well as solutions to the authentication issue when accessing internal network resources are presented.

 

15.   Configuring the DHCP Relay Agent to Support VPN Client TCP/IP Addressing Options
This document discusses how to configure a DHCP Relay Agent on the ISA Server firewall/VPN server so that DHCP options such as WINS and DNS server addresses can be assigned to the VPN client. This article also discusses important DNS name resolution issues and how to solve them using the domain name DHCP option.

 

16.   Using the Connection Manager Administrator Kit (CMAK) to Streamline VPN Client Configuration
This document provides detailed step by step instructions on how to use the Connection Manager Administration Kit (CMAK) to create VPN Dial-up Networking links (connectoids) for your VPN users. CMAK allows you to create the VPN connectoids for the users so that users are not confused by running the Dial-up Networking Wizard on their own computers.

 

VPN Server Configuration Documents

 

17.   Installing and Configuring ISA Server 2000 on Windows Server 2003
This document provides detailed step by step instructions on how to install ISA Server 2000 on a Windows Server 2003 machine. A short discussion of important configuration options is included.

 

18.   Configuring the Windows Server 2003 ISA Server 2000/VPN Server
This document provides detailed step by step instructions on how to set up and configure the Windows Server 2003 based ISA Server 2000 firewall to be a VPN server. The ISA Server 2000 VPN Server Wizard and custom configuration of the VPN server components are discussed.

 

19.   Creating Routing and Remote Access Policy and Remote Access Permissions in Windows Server 2003 – Including EAP-TLS Authentication for PPTP and L2TP/IPSec Clients
This document explains how to create a Remote Access Policy on the ISA Server firewall/VPN server to support incoming VPN client calls. Advanced topics including EAP/TLS certificate-based user authentication are also discussed.

 

20.   Installing and Configuring Windows Server 2003 RADIUS Support for VPN Clients – Including Support for EAP/TLS Authentication
This document discusses creating Remote Access Policy on a Windows Server 2003 RADIUS Server and configuring the ISA Server firewall/VPN server to apply RADIUS authentication and RAS policy to incoming VPN client requests. Advanced topics including EAP/TLS certificate-based user authentication are also discussed.

 

21.   Installing and Configuring a Windows Server 2003 Standalone Certification Authority
This document provides detailed step by step instructions on how to install and configure a Windows Server 2003 standalone certification authority (CA). Standalone and enterprise CAs are compared and contrasted in this article.

 

22.   Installing and Configuring a Windows Server 2003 Enterprise Certification Authority
This document provides detailed step by step instructions on how to install and configure a Windows Server 2003 enterprise certification authority (CA). Standalone and enterprise CAs are compared and contrasted in this article.

 

23.   Obtaining a Machine Certificate via Web Enrollment from a Windows Server 2003 Standalone CA
This document provides detailed step by step instructions on how to obtain a machine certificate that you can use to create an L2TP/IPSec VPN connection with the ISA Server firewall/VPN server via a standalone CA’s Web enrollment site.

 

24.   Obtaining a Machine Certificate via Web Enrollment from a Windows Server 2003 Enterprise CA
This document provides detailed step by step instructions on how to obtain a machine certificate that you can use to create an L2TP/IPSec VPN connection with the ISA Server firewall/VPN server via an enterprise CA’s Web enrollment site.

 

25.   Assigning Certificates to Domain Members via Autoenrollment in a Windows Server 2003 Active Directory Domain
This document provides detailed step by step instructions on how to configure domain Group Policy to automatically assign computer and user certificates that can be used to create L2TP/IPSec connections and certificate-based EAP/TLS user authentication.

 

26.   Publishing a Windows Server 2003 Certification Authority Web Enrollment Site and Certificate Revocation List
This document provides detailed step by step instructions on how to publish a standalone CA Web enrollment site so that external clients can request and obtain a machine certificate that can be used to create L2TP/IPSec VPN connections to the ISA Server firewall/VPN server. This article also includes detailed information on how to publish the Certificate Revocation List (CRL).

 

27.   Configuring the VPN Client and Server to Support Certificate-Based PPTP EAP-TLS Authentication
This document provides detailed step by step instructions on how to set up the VPN client computer to obtain a user certificate for certificate-based EAP/TLS authentication and how to configure the VPN Dial-up Networking connectoid to present this certificate to the ISA Server firewall/VPN server.

 

VPN Gateway Configuration Documents

 

28.   Connecting Networks over the Internet with a Gateway to Gateway VPN: Scenario 1 – ISA Server 2000 Firewall/VPN Servers at Local and Remote Sites
This document provides detailed step by step instructions on how to set up and configure a gateway to gateway VPN link that joins two networks over the Internet. This “site to site” connection allows network hosts on each side of the gateway to gateway link to communicate with one another as if they were on the same LAN.

 

VPN Failover and Fault Tolerance Documents

 

29.   Configuring Fault Tolerance and Load Balancing for ISA Firewall/VPN Servers
This document provides detailed step by step instructions on how to create an ISA Server firewall/VPN server NLB array. The NLB array provides fault tolerance, load balancing and transparent failover for incoming PPTP and L2TP/IPSec VPN connections. The Windows Server 2003 NLB and ISA Server-based VPN is one of the “killer applications” of ISA Server based firewalls.

 

VPN in DMZ Environment Documents

 

30.   Allowing Inbound L2TP/IPSec Connections Through a Back to Back ISA Server 2000/Windows Server 2003 DMZ
This document discusses the issues involved in creating inbound VPN connections to an ISA Server firewall/VPN server located behind a front-end firewall. Windows Server 2003 support for IETF RFC compliant IPSec NAT Traversal has greatly expanded the number of environments from which Windows-based VPN clients can create L2TP/IPSec connections. This article provides step by step details on how to configure the DMZ firewalls and VPN server.