Course 2824B: Implementing Microsoft internet security and acceleration server 2004 - Module 13

Chia sẻ: Nothing Nothing | Ngày: | Loại File: PPT | Số trang:10

Thêm vào BST

Báo xấu

38
lượt xem 3
download

Download Vui lòng tải xuống để xem tài liệu đầy đủ

Module 13: Implementing ISA Server 2004 Enterprise edition: Site-to-site VPN scenario. This module should prepare students to implement a scalable site-to-site VPN solution using ISA Server Enterprise Edition. The scenario will demonstrate how to implement a site-to-site VPN scenario that reflects a minimal but realistic set of business requirements.

Chủ đề:

Bình luận(0) Đăng nhập để gửi bình luận!

Lưu

Nội dung Text: Course 2824B: Implementing Microsoft internet security and acceleration server 2004 - Module 13

Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario
Overview Implementing a Site-to-Site VPN Scenario Lab: Implementing a Site-to-Site VPN Scenario
Lesson: Implementing a Site-to-Site VPN Scenario Issues in Deploying Site-to-Site VPNs Guidelines for Implementing Distributed Configuration Storage Servers Guidelines for Implementing Network Load Balancing for VPN Guidelines for Configuring ISA Server Clients Guidelines for Configuring Access Rules for Site-to-Site VPNs
Issues in Deploying Site-to-Site VPNs Common site-to-site VPN deployment issues include: Choosing a tunneling protocol Configuring the remote site VPN gateway server Configuring network rules and firewall access rules ISA Server Enterprise Edition site-to-site deployment issues include: Creating a preliminary connection to install the remote Configuration Storage server Configuring Configuration Storage server replication between locations Implementing NLB for the site-to-site VPN Configuring firewall and Web proxy caching
Guidelines for Implementing Distributed Configuration Storage Servers To deploy the branch-office Configuration Storage server: Use a third-party VPN solution Use a third-party VPN solution Use Routing and Remote Access Service Use a server publishing rule Use a temporary ISA Server enterprise Use an ISA Server backup file To manage Configuration Storage server replication between office locations, use the ADAMSites tool to create ADAM sites and configure replication between sites
Guidelines for Implementing Network Load Balancing for VPN When The you enableowner connection NLB for for site-to-site VPNs: is the VPN connection automatically assigned with failover in the event of a server failure You must assign static IP addresses for VPN clients on each member of a multiple-server array You must configure the virtual IP address for the remote array as the VPN tunnel endpoint, and add all the dedicated IP addresses for the array members to the remote site network properties
Guidelines for Configuring ISA Server Clients When using ISA Server Enterprise Edition, Web Proxy and Firewall clients must connect to the array TheDNS DNS name name is assigned when the array is configured, but can be modified The client must be able to resolve the array DNS name using DNS Configure a DNS host record using the array DNS name and each array member’s dedicated IP address if NLB is not enabled and the shared IP address if NLB is enabled When configuring Web Proxy or Firewall client chaining, configure the downstream array to use the DNS name for the upstream array
Guidelines for Configuring Access Rules for Site-to-Site VPNs When configuring access rules for site-to-site VPNs, allow only required network traffic: Create computer sets to define specific computers that need access rather than using the entire network Configure access rules to allow only required protocols Use Web and server publishing rules Restrict access based on user sets When deploying main site domain members or members of a trusted domain in the remote site, you must enable the required protocols between the domain controllers, or between the domain members and domain controllers
Lab 13: Implementing a Site-to-Site VPN Scenario Den-Web-01 Exercise 1: Enabling NLB and CARP Den-DC-01 172.16.1.10 Den-ISAEE-01 192.168.1.10 172.16.1.11 192.168.1.1 for the Main\Front-End Array 192.168.0.1 172.16.1.1 RO-ISAEE-01 172.16.1.110 192.168.2.1 Den-Clt-01 192.168.2.10 Exercise 2: Configuring the Main Office Array for a Site-to-Site ` VPN Exercise 3: Deploying a ISA Shared IP Shared IP 192.168.1.3 172.16.1.3 Server Remote Site Den-ISAEE-02 192.168.1.2 Exercise 4: Configure the Branch 192.168.0.2 Den-CSS-01 172.16.1.2 192.168.1.20 Office Array for a Site-to-Site VPN Den-DC-01 Den-ISAEE-01 Den-CSS-01 Den-ISAEE-02 Den-Web-01 RO-ISAEE-01 Den-Clt-01 Host1 Host2
Course Evaluation