configuring pptp connection for client computers:
------------------------------------------------
right click network configuration, allow vpn client connection|click details & back|finish|click yes to restart the service.
from administrative tools open routing and remote access|right click server properties|on the ip tab choose static address pool|add range of addresses, then ok twice.
open AD user properties|dial in tab|allow access, ok.
at isa|access policy|properties of ip packet filter|at pptp tab select the pptp through isa fw check box, ok. (check it from another computer)

configuring vpn connection between networks:
-------------------------------------------
(used for enterprise edition only) at network config you need to configure local vpn, choose: l2tp/ipsec/pptp, 2 way communication, select ip address of local isa vpn, range of addresses that can be accessed, on isa vpn computer config file type: a:\isavpn.vpc

securing isa server computer:
----------------------------
change to view | taskpad.
expand access policy|click ip packet filter|click secure your isa server computer|finish.
open c:\program files\microsoft isa server\securwiz.log

creating ip packet filters:
--------------------------
-expand access policy|ip packet filters|at the details pane click configure packet filtering and intrusion detection|on the general tab check that enable ip routing is selected|on the packet filters tab make sure the enable filtering of ip fragments and enable filtering ip options check boxes are selected|ok.
(from explorer|tools|lan settings|clear the use proxy server..: you will not be able to surf - you need to create a protocol rule that allows such connection)
-create packet filter named allow outgoing port 80|on the filter mode page ensure that allow packet transmission is selected|on filter type page click custom|tcp|outbound|on local port list choose dynamic|on remote port click fixed mode|port number 80|on the local computer page default ip address for each external interface|on remote computer page - all remote computers|finish.
(internet explorer displays the web site)
-create packet filter name: "block outgoing traffic to contoso.msft"|on filter mode page click block packet transmission|filter type custom|filter settings page - TCP, outbound|local ports - all ports|on the remote port - fixed port 80|on local computer page - default address for external interface|on remote computer click only this remote computer - type the ip|finish.
(at explorer you cannot surf from the restricted station)
-create packet filter named allow incoming port 8080|filter mode page - allow packet transmission|filter type - custom|tcp - inbound|local port list - fixed port 8008|remote port - all|default external ip|all remote computers|finish.
(from explorer http://--ip--:8008 - see the web page|at tools|lan settings|use proxy --ip-- port 8008)
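
added example (not part of the original notes, and not isa server code): a small python model of how the three packet filters above decide on a tcp packet at the external interface. it assumes that a matching block filter overrides allow filters, that a packet matching no filter is dropped, and that "dynamic" means local ports 1025-5000; 203.0.113.10 and the sample packets are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Optional

DYNAMIC = range(1025, 5001)    # assumption: "dynamic" = local ports 1025-5000
BLOCKED_IP = "203.0.113.10"    # constructed placeholder for the blocked server
PORT_80 = range(80, 81)

@dataclass(frozen=True)
class Filter:
    name: str
    allow: bool                        # True = allow, False = block
    direction: str                     # "outbound" or "inbound"
    local_ports: Optional[range]       # None = all ports
    remote_ports: Optional[range]      # None = all ports
    remote_ip: Optional[str] = None    # None = all remote computers

    def matches(self, direction, local_port, remote_ip, remote_port):
        return (direction == self.direction
                and (self.local_ports is None or local_port in self.local_ports)
                and (self.remote_ports is None or remote_port in self.remote_ports)
                and (self.remote_ip is None or remote_ip == self.remote_ip))

# The three TCP filters from the notes. The last one is named for port 8080
# in the notes but is configured with fixed local port 8008.
FILTERS = [
    Filter("allow outgoing port 80", True, "outbound", DYNAMIC, PORT_80),
    Filter("block outgoing traffic to contoso.msft", False, "outbound",
           None, PORT_80, BLOCKED_IP),
    Filter("allow incoming port 8080", True, "inbound", range(8008, 8009), None),
]

def verdict(direction, local_port, remote_ip, remote_port, filters=FILTERS):
    """Decide one TCP packet seen on the external interface."""
    hits = [f for f in filters
            if f.matches(direction, local_port, remote_ip, remote_port)]
    blocks = [f for f in hits if not f.allow]
    if blocks:                     # assumption: a block filter beats any allow
        return ("drop", blocks[0].name)
    if hits:
        return ("allow", hits[0].name)
    return ("drop", "no matching filter")   # assumption: default is drop

if __name__ == "__main__":
    for pkt in [("outbound", 1500, "198.51.100.7", 80),   # constructed samples
                ("outbound", 1500, BLOCKED_IP, 80),
                ("outbound", 1500, "198.51.100.7", 443),
                ("inbound", 8008, "198.51.100.7", 40000),
                ("inbound", 8080, "198.51.100.7", 40000)]:
        print(pkt, "->", verdict(*pkt))
```

the last sample shows why a filter's name should be checked against its port: a connection to port 8080 is still dropped because the filter opens 8008.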