6.
Assigning Routes to Remote Users
Often VPN users will need to access many different subnets when connected to the
network though a VPN tunnel. There are several options when it comes to the routing
configuration for remote VPN users:
. Configure the default route on the client??”The Windows VPN client is configured
to change the default gateway on the remote user??™s system to point to the ISA server
when a connection is established. This setting basically routes all traffic to the ISA
VPN server. This setting is recommended for a much higher level of security because
the VPN clients are using the internal ISA server to reach the Internet and are
FIGURE 9.6 Establishing network relationships.
233
9
Enabling VPN Functionality in ISA Server
subject to the configured firewall policies. This also prevents the possibility of
another system on the same network as the VPN client from routing traffic to the
internal network.
. Use CMAK to modify the routing table??”If routing all information through the ISA
server is not desirable, the Connection Manager Administration Kit (CMAK) can be
used to configure and deploy a wide array of custom client settings, including
custom routing tables to be used when the VPN tunnel is established.
Pages:
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417