Using ISA Server to Extend Server and Domain Isolation Interoperability
This white paper details how to use ISA Server as an IPsec gateway or proxy within a Server and Domain Isolation solution, from preparation to installation and configuration, and includes best practices to keep in mind during the process. It is written for enterprise technical decision makers, IT administrators, and architects who want to gain a better understanding of the processes and implementation of ISA Server as an IPsec gateway or proxy to extend IPsec interoperability.
http://www.microsoft.com/downloads/details.aspx?Fa...ang=en
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
Email: tshinder@isaserver.org
MVP — Microsoft Firewalls (ISA)

Matthew Morris Says:
July 30th, 2008 at 3:28 am
Gudday Tom,
Does anyone know where this article has gone?…
If not maybe I can request some knowledge from the ISA expert.
I’m trying to see if I can extend domain isolation for Vista laptop clients that use an SSL VPN for termination (unfortunately I didn’t have a choice) to then pass through the ISA server into the domain zone based upon authenticated domain isolation policies tied to certificate-based IPsec (especially AD, which is 2008). This way I can allow full domain access to long-term remote access laptops while maintaining the integrity of the network via user certs - SSL VPN and device certs - IPsec domain isolation….
This approach should minimise the session cookie risk of the SSL VPN as you would also need a domain device cert for the IPsec into the domain environment….
Any thoughts you have on this would be very greatly appreciated.
Best Regards
Matthew Morris

Thomas Shinder Says:
July 30th, 2008 at 7:27 am
Hi Matthew,
I have that document. Send me a note at tshinder@isaserver.org and I’ll send it to you.
Thanks!
Tom