Implementing ISA 2004 PPTP VPN based Smart Card EAP and RADIUS Authentication without Making the ISA Firewall a Domain Member [source : www.isaserver.org]


The ISA Server 2004 firewall can be configured to use strong, two-factor authentication to allow VPN clients access to selected network resources. When two-factor authentication with smart cards and the ISA Server 2004 firewall’s stateful packet and application layer inspection engines kick in, you know you’ve got the best Firewall/VPN device you can get. Idan Plotnik shows you how to make it happen.
 
Implementing ISA Server 2004 PPTP VPN based Smart Card EAP and RADIUS Authentication without Making the ISA Server 2004 Firewall a Domain Member by Idan Plotnik
 
 

Comments (2)

  1. Kurt Hashimoto says:

    A better way and safer way: get a standard Linux box as your firewall and forward all pptp connections to a windows box behind the wall.

    Benefits:

    . Your known-to-be-weak-to-attacks windows box is well protected behind a wall

    . You get to log all passing pptp traffic

    See here for a good pptp forwarder proxy:

    http://www.mgix.com/pptpproxy

  2. stanislas-quastana says:

    You’re joking, aren’t you? 🙂

    You must read my blog content or try http://www.microsoft.com/isa

    "pptpproxy forwards PPTP VPN connections through a Linux firewall."

    –> Your Linux adds no additional security layer (no more than a basic router with ACLs !!!)

    ISA 2004 is an Application Layer Firewall (it works at layers 3,4 and 7) and is enough to protect the Windows OS 😉

    No security issue on isa 2004 since its release last year !!! (source : http://secunia.com/product/3687/)