ISA Server 2004 or Microsoft Forefront Threat Management Gateway, Medium Business Edition and Routing and Remote Access interoperability
ISA Server 2004 or Microsoft Forefront Threat Management Gateway, Medium Business Edition depends on and enhances the basic VPN functionality that the Routing and Remote Access service provides. While you can perform most VPN configuration using the ISA or Microsoft Forefront Threat Management Gateway, Medium Business Edition Server Management snap-in, you can also configure some advanced settings using Routing and Remote Access. If you do use Routing and Remote Access to configure VPN settings, you must be careful not to override specific settings that must be configured only in ISA or Microsoft Forefront Threat Management Gateway, Medium Business Edition Server. In particular, note the following:
- If you use Routing and Remote Access to enable network address translation (NAT), some ISA or Microsoft Forefront Threat Management Gateway, Medium Business Edition Server features may not function correctly.
- Do not use Routing and Remote Access to enable or to disable Internet Protocol (IP) routing. ISA or Microsoft Forefront Threat Management Gateway, Medium Business Edition Server always synchronizes with the Routing and Remote Access settings, but the Routing and Remote Access service does not check to verify how ISA or Microsoft Forefront Threat Management Gateway, Medium Business Edition Server configures IP routing functionality. However, you can use Routing and Remote Access to configure the routing table.
- Any packet filters that you configure using Routing and Remote Access are never applied.
- Because the Routing and Remote Access packet filters are disabled, Routing and Remote Access quarantine mode is rendered useless. Instead, use the quarantine functionality of ISA Server 2004 or Microsoft Forefront Threat Management Gateway, Medium Business Edition.
For more information about ISA Server 2004 quarantine functionality, in the ISA Server Management console, click Help on the Action menu, type quarantine in the Type in the word(s) to search for box, and then click List Topics to view the list of topics returned.
For more information about Quarantine Control functionality in Microsoft Forefront Threat Management Gateway, Medium Business Edition Server, visit the following link:
http://technet.microsoft.com/en-us/library/cc441526.aspx
Microsoft ISA Server 2000 Routing and Remote Access upgrade
Note This section of the article does not apply to Microsoft Forefront Threat Management Gateway, Medium Business Edition. It is only valid for ISA 2004.
If you install ISA Server 2004 on a computer that is running ISA Server 2000, you can upgrade the Routing and Remote Access configuration.
Note the following limitations to the Routing and Remote Access configuration upgrade:
- The maximum number of VPN clients that is permitted to connect to the ISA Server 2004 computer is set to whichever is larger in Routing and Remote Access: the number of Point-to-Point Tunneling Protocol (PPTP) ports or the number of Layer 2 Tunneling Protocol (L2TP) ports.
- If the number of IP addresses that are statically assigned is smaller than the number of VPN clients, ISA Server 2004 reduces the number of VPN clients to fit the size of the static address pool. In this scenario you receive a warning message during the Routing and Remote Access upgrade process.
- If an invalid IP address is configured for the primary Domain Name System (DNS) server, the IP address is not exported. Instead, ISA Server 2004 uses the Dynamic Host Configuration Protocol (DHCP) settings, and issues a warning message. If an invalid IP address is configured for the backup DNS server, the IP address is not exported and ISA Server issues a warning message.
- If an invalid IP address is configured for the primary Windows Internet Name Service (WINS) server, the IP address is not exported. Instead, ISA Server 2004 uses the DHCP settings, and issues a warning message. If an invalid IP address is configured for the backup WINS server, the IP address is not exported and ISA Server issues a warning message.
- If a site-to-site connection in Routing and Remote Access is configured as PPTP first, and then L2TP, the connection is upgraded to an ISA Server 2004 remote site network that uses PPTP only. In this case, ISA issues a warning message.
- If a site-to-site connection in Routing and Remote Access is configured as L2TP first, and then PPTP, the connection is upgraded to an ISA Server 2004 remote site network that uses L2TP only. In this case, ISA Server issues a warning message.
- Preshared keys that are configured for Routing and Remote Access are not exported. For example, preshared keys that are configured for site-to-site connections in Routing and Remote Access are not exported. In this case, ISA Server 2004 issues a warning message.
- Credentials that are configured for site-to-site connections in Routing and Remote Access are not exported. On ISA Server 2004, outgoing VPN connections are disabled until you reconfigure them. In this case, ISA Server issues a warning message.
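The upgrade limitations listed above can be checked before the upgrade to see which VPN settings will be reduced, dropped, or left disabled. The following is an added example, not Microsoft code: it models the rules in Python over a hand-written configuration summary. The field names and the function predict_upgrade are hypothetical, and "invalid IP address" is assumed to mean a string that does not parse as an IPv4 address.

```python
import ipaddress

# Constructed sample: a hand-written summary of an ISA Server 2000 / RRAS
# VPN configuration. Field names are hypothetical, not an RRAS export format.
SAMPLE_RRAS = {
    "pptp_ports": 128,
    "l2tp_ports": 64,
    "static_pool_size": 50,      # None means addresses come from DHCP
    "dns": {"primary": "10.0.0.300", "backup": "10.0.0.11"},
    "wins": {"primary": "10.0.0.20", "backup": ""},
    "site_to_site": [
        {"name": "Branch1", "protocols": ["PPTP", "L2TP"],
         "preshared_key": True, "credentials": True},
    ],
}

def _valid_ip(text):
    # Assumption: "invalid" means the string does not parse as an IPv4 address.
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def predict_upgrade(rras):
    """Return (result, warnings) for the upgrade rules listed above."""
    result, warnings = {}, []
    clients = max(rras["pptp_ports"], rras["l2tp_ports"])
    pool = rras.get("static_pool_size")
    if pool is not None and pool < clients:
        warnings.append(f"VPN clients reduced from {clients} to {pool} (static pool)")
        clients = pool
    result["max_vpn_clients"] = clients
    for kind in ("dns", "wins"):
        for role, addr in rras[kind].items():
            if addr and not _valid_ip(addr):   # empty string = not configured
                fallback = "; DHCP settings used" if role == "primary" else ""
                warnings.append(f"{kind.upper()} {role} {addr!r} not exported{fallback}")
                addr = None
            result[f"{kind}_{role}"] = addr or None
    for site in rras["site_to_site"]:
        first = site["protocols"][0]           # only the first protocol survives
        if len(site["protocols"]) > 1:
            warnings.append(f"{site['name']}: upgraded as {first} only")
        result[site["name"]] = first
        if site.get("preshared_key"):
            warnings.append(f"{site['name']}: preshared key not exported")
        if site.get("credentials"):
            warnings.append(f"{site['name']}: credentials not exported; outgoing connection disabled")
    return result, warnings
```

Each warning corresponds to a setting that must be re-entered or reviewed on the ISA Server 2004 computer after the upgrade, in particular preshared keys and site-to-site credentials.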