Re: Opinion about using ISA Server for Firewalling and VPN between multiple sites ?

From: news.free.fr (abom[antispam)
Date: 01/14/03 

From: "news.free.fr" <abom[antispam]@free.fr>
Date: Tue, 14 Jan 2003 18:24:04 +0100

Thanks for the quality of your reply Robert, now I have a better opinion and
a good feebback about an end user of a similar solution that we want to fit
here.
Thanks also for your help proposal, if I need it you will get news from my
side soon!
I have found a good source for ISA Server @ http://www.isaserver.org/
Best Regards,

Olivier

"Robert R Kircher, Jr." <rrkircher@hotmail.com> a écrit dans le message de
news: c9ucnV4kfM1JAb6jXTWcqw@giganews.com...
> news.free.fr wrote:
> > Hello to all of you!
> >
> > My boss is asking me a good solution to interconnect 6 differents
> > sites using a VPN through Internet. He has heard about Microsoft ISA
> > Server. Since I do not like too much this product (spend some hours
> > on it and get headaches!), I would like your opinion about
> > implementing such type of solution. Connections should be
> > bi-directionnal, moreover about 50 peoples will have to come to the
> > HO network using this VPN on their laptop. And of course is the use
> > of ISA server present a security risk?
> >
> > Thanks for your comments,
> >
> > Regards,
> >
> > Olivier
>
> Ok Olivier, so you've received 4 nays so far... I thought I'd give you
your
> first Yes vote for an ISA solutions.
>
> ISA *IS* a real firewall. It provides full packet, protocol, site and
user
> control both in and out of your network with full logging (although log
> management could be improved) In addition it is a web proxy and provides
> VPN. It is easy to setup and works very well. If your having any
> difficulties I can point you to a few real good sources for assistance.
>
> For your site to site connection ISA has a very simple wizard that lets
you
> define ISA to ISA connectivity between the sites which creates an on
demand
> VPN connection between sites. This connection can be one-way or both ways.
> Performance is more than adequate relative to the speed of you
connections.
>
> For you 50 HO users ISA prides VPN (actually this is through Routing and
> Remote Access Service in conjunction with ISA) This to is easy to setup
> using yet another wizard. A couple of click and your ISA server is ready
to
> accept incoming VPN calls. It supports PPTP and L2TP over IPSec.
>
> On a side note, I suggest looking into the Terminal Server built into
Win2K
> server for remote users. TS is a remote desktop service similar to PC
> Anywhere, however, many people can connect to the TS at the same time all
> running their own virtual desktop. The nicest thing about TS is it work
> very well at slow connection speeds, 56k. More importantly you home user
> doesn't have to have licenses for you business software on the home
computer
> and you can control the environment in which the user works. Greatly
> reduced the chances of virus attack through jonnie homework's VPN
> connection.
>
> Proof is in the pudding... I currently manage 4 sites that use ISA server
> (and Terminal Server) and in one form or another, we use all the things
you
> are looking for. One site has several remote office that use Terminal
> server to access the system. The ROs connect trough to the internet with
> everything from 56K modem to DSL to Cable modems. Another site has a
> satellite office connected using the gateway to gateway VPN configuration.
> And throughout all the sites most user access the system through a VPN
> connection from where ever they may be in the world.
>
> As to cost, well it aint free!!! The MSRP is $1499 per *processor* and as
> mentioned above you need a Win2K server license as well. This price is
> competitive, however, with other windows based software FWs when you add
in
> VPN and web proxy.
>
> As to security, well IMO it's like any OS... If you keep it up to date
its
> secure. If your lazy it's not. I tend to fit someplace in the middle.
In
> the two years that I've been installing and supporting ISA server I've yet
> to have one breached. Keep in mind that even those free FW mentioned
above
> are only as good as the configuration they are using. With any FW if you
> leave ports open and your bound to be hit. but if you keep things
buttoned
> up and you reasonably safe.
>
> You can download an evaluation copy from MS. Try it out and as I said if
> you have any problems shoot me a note and I'll point out a few resources
for
> you.
>
> HTH
>
> --
>
> Rob
>
>
>
>