More about these configurations appears in subsequent
sections of this chapter.
Server placement can also affect which VPN protocols are available, or at least
influence the decision on which protocols to implement. PPTP supports many different
configurations: the server can have a private IP address behind a NAT firewall, or a
public IP address either connected directly to the Internet or within a section of the
internal network designed with routable IP addresses, such as the
DMZ. An L2TP/IPSec VPN is best implemented when the ISA server has a public IP address,
either directly connected to the Internet or within a section of the internal network
designed with routable IP addresses, for the NAT-T limitation reasons described in the
preceding sections.
Deploying an ISA VPN Server as a Domain Member
There are several advantages when the ISA VPN server is a member of an internal Active
Directory domain. These advantages often result in a much lower total cost of ownership
and simpler system management and maintenance, and are as follows:
• Group Policy Objects: Active Directory group policies can be leveraged to create a
highly controlled, standardized, and very secure environment by enforcing security
settings and security auditing and helping to eliminate human error and repetitive
configuration tasks.