. Manually assign static routes??”Although probably more tedious and complicated
than most endusers can handle, it is possible to manually add static routes to the
remote client workstation, and then of course manually remove them when the VPN
connection has ended.
The settings to configure the default route on the client system along with the CMAK are
covered in detail later in this chapter.
Authenticating VPN Users
The placement of the ISA VPN server ultimately governs how user accounts are accessed
during authentication. The following authentication methods are available:
. Authenticating directly against Active Directory??”As previously stated, if the ISA
VPN server is installed as a domain member server, users can be authenticated directly
against the internal Active Directory domain without any additional configuration.
. Implement RADIUS Authentication??”A RADIUS server, such as Microsoft??™s IAS,
included with both the Windows 2000 Server and Windows Server 2003, can allow
the stand-alone ISA VPN server to authenticate users against the internal domain.
This service is very useful when the ISA VPN server has been implemented in a DMZ
configuration.
Pages:
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418