The same security concepts
apply for this scenario as well, and the pre-shared key is inherently less secure than a
certificates-based approach. That said, certain third-party products may only support
shared key, and ISA supports either implementation.
FIGURE 10.11 Monitoring site-to-site VPN traffic.
293
10
Configuring ISA 2006 to Integrate with Third-Party VPN Tunnel Products
Configuring the Third-Party VPN Site
To use the IPSec Tunnel Mode to define a remote site, perform the following steps on the
local ISA server:
1. Open the ISA Server Management Console.
2. Select the Virtual Private Networks (VPN) node from the console tree.
3. Select the Remote Sites tab from the Details pane.
4. Select Create VPN Site-to-Site Connection from the Tasks pane.
5. Enter the name of the connection in the Network Name field; for example, enter
Toronto and click Next.
6. Select IP Security Protocol (IPSec) Tunnel Mode, as shown in Figure 10.12, and click
Next to continue.
7. Enter the remote IP address of the VPN third-party gateway and enter the local VPN
gateway IP address. Click Next to continue.
8. On the IPSec Authentication page, enter whether to use certificates or a pre-shared
key for authentication.
Pages:
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502