
Interoperability of Routing and Remote Access and Internet Security and Acceleration Server 2004 or Microsoft Forefront Threat Management Gateway, Medium Business Edition



Introduction

If you install Microsoft Internet Security and Acceleration (ISA) Server 2004 on a computer that is running Microsoft Windows 2000 Server or Microsoft Windows Server 2003, or Microsoft Forefront Threat Management Gateway, Medium Business Edition on Windows Essential Business Server 2008, ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition server takes control of the Routing and Remote Access service configuration. For example, if you configure a virtual private network (VPN) through the ISA or Microsoft Forefront Threat Management Gateway, Medium Business Edition Server Management snap-in, ISA Server 2004 or Microsoft Forefront Threat Management Gateway, Medium Business Edition server automatically configures the settings in Routing and Remote Access. This helps avoid conflicts because settings that you configure by using the ISA or Microsoft Forefront Threat Management Gateway, Medium Business Edition Server Management snap-in are also applied to Routing and Remote Access. There are some Routing and Remote Access parameters, such as the Routing and Remote Access tracing level, that are not available through the ISA or Microsoft Forefront Threat Management Gateway, Medium Business Edition Server Management snap-in. These parameters can be set directly through Routing and Remote Access.



More information

ISA Server 2004 or Microsoft Forefront Threat Management Gateway, Medium Business Edition and Routing and Remote Access interoperability

ISA Server 2004 or Microsoft Forefront Threat Management Gateway, Medium Business Edition depends on and enhances the basic VPN functionality that the Routing and Remote Access service provides. While you can perform most VPN configuration using the ISA or Microsoft Forefront Threat Management Gateway, Medium Business Edition Server Management snap-in, you can also configure some advanced settings using Routing and Remote Access. If you do use Routing and Remote Access to configure VPN settings, you must be careful not to override specific settings that must be configured only in ISA or Microsoft Forefront Threat Management Gateway, Medium Business Edition Server. In particular, note the following:
  • If you use Routing and Remote Access to enable network address translation (NAT), some ISA or Microsoft Forefront Threat Management Gateway, Medium Business Edition Server features may not function correctly.
  • Do not use Routing and Remote Access to enable or to disable Internet Protocol (IP) routing. ISA or Microsoft Forefront Threat Management Gateway, Medium Business Edition Server always synchronizes with the Routing and Remote Access settings, but the Routing and Remote Access service does not check to verify how ISA or Microsoft Forefront Threat Management Gateway, Medium Business Edition Server configures IP routing functionality. However, you can use Routing and Remote Access to configure the routing table.
  • Any packet filters that you configure using Routing and Remote Access are never applied.
  • Because the Routing and Remote Access packet filters are disabled, Routing and Remote Access quarantine mode is rendered useless. Instead, use ISA or Microsoft Forefront Threat Management Gateway, Medium Business Edition Server 2004 quarantine functionality. For more information about ISA Server 2004 quarantine functionality, in the ISA Server Management console, click Help on the Action menu, type quarantine in the Type in the word(s) to search for box, and then click List Topics to view the list of topics returned.
For more information about Quarantine Control functionality in Microsoft Forefront Threat Management Gateway, Medium Business Edition Server, visit the following link: http://technet.microsoft.com/en-us/library/cc441526.aspx

Microsoft ISA Server 2000 Routing and Remote Access upgrade

Note: This section of the article does not apply to Microsoft Forefront Threat Management Gateway, Medium Business Edition. It is only valid for ISA 2004.
If you install ISA Server 2004 on a computer that is running ISA Server 2000, you can upgrade the Routing and Remote Access configuration. Note the following limitations to the Routing and Remote Access configuration upgrade:
  • The maximum number of VPN clients that is permitted to connect to the ISA Server 2004 computer is set to whichever is larger in Routing and Remote Access: the number of Point-to-Point Tunneling Protocol (PPTP) ports or the number of Layer 2 Tunneling Protocol (L2TP) ports.
  • If the number of IP addresses that are statically assigned is smaller than the number of VPN clients, ISA Server 2004 reduces the number of VPN clients to fit the size of the static address pool. In this scenario you receive a warning message during the Routing and Remote Access upgrade process.
  • If an invalid IP address is configured for the primary Domain Name System (DNS) server, the IP address is not exported. Instead, ISA Server 2004 uses the Dynamic Host Configuration Protocol (DHCP) settings, and issues a warning message. If an invalid IP address is configured for the backup DNS server, the IP address is not exported and ISA Server issues a warning message.
  • If an invalid IP address is configured for the primary Windows Internet Name Service (WINS) server, the IP address is not exported. Instead, ISA Server 2004 uses the DHCP settings, and issues a warning message. If an invalid IP address is configured for the backup WINS server, the IP address is not exported and ISA Server issues a warning message.
  • If a site-to-site connection in Routing and Remote Access is configured as PPTP first, and then L2TP, the connection is upgraded to an ISA Server 2004 remote site network that uses PPTP only. In this case, ISA issues a warning message.
  • If a site-to-site connection in Routing and Remote Access is configured as L2TP first, and then PPTP, the connection is upgraded to an ISA Server 2004 remote site network that uses L2TP only. In this case, ISA Server issues a warning message.
  • Preshared keys that are configured for Routing and Remote Access are not exported. For example, preshared keys that are configured for site-to-site connections in Routing and Remote Access are not exported. In this case, ISA Server 2004 issues a warning message.
  • Credentials that are configured for site-to-site connections in Routing and Remote Access are not exported. On ISA Server 2004, outgoing VPN connections are disabled until you reconfigure them. In this case, ISA Server issues a warning message.
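
The upgrade limitations listed above can be evaluated before migrating. The following Python example is added here and is not Microsoft code: it applies those rules to a constructed description of a Routing and Remote Access configuration and returns the predicted ISA Server 2004 settings together with the warnings to expect. The dictionary layout, the field names and the definition of an "invalid" address (a string that does not parse as IPv4) are assumptions.

```python
import ipaddress

def _valid_ipv4(value):
    # Assumption: "invalid" means the string does not parse as an IPv4 address.
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def predict_upgrade(rras):
    """Apply the upgrade rules listed above to a dict describing RRAS settings."""
    warnings, result = [], {"sites": {}}
    # Client limit: larger port count, capped by a static address pool.
    clients = max(rras["pptp_ports"], rras["l2tp_ports"])
    pool = rras.get("static_pool_size")  # None: no static pool (assumed field)
    if pool is not None and pool < clients:
        warnings.append(f"VPN clients reduced from {clients} to {pool}")
        clients = pool
    result["max_vpn_clients"] = clients
    # Invalid DNS/WINS address: not exported; invalid primary falls back to DHCP.
    for svc in ("dns", "wins"):
        result[f"{svc}_from_dhcp"] = False
        for role in ("primary", "backup"):
            addr = rras.get(f"{svc}_{role}")  # None: not configured
            if addr is not None and not _valid_ipv4(addr):
                warnings.append(f"invalid {role} {svc.upper()} server {addr!r} not exported")
                result[f"{svc}_from_dhcp"] |= role == "primary"
                addr = None
            result[f"{svc}_{role}"] = addr
    # Site-to-site: first protocol only; keys and credentials are not exported.
    for name, site in rras.get("sites", {}).items():
        order = site["protocols"]
        creds = bool(site.get("has_credentials"))
        if len(order) > 1:
            warnings.append(f"{name}: upgraded as {order[0]} only")
        if site.get("has_preshared_key"):
            warnings.append(f"{name}: preshared key not exported")
        if creds:
            warnings.append(f"{name}: credentials not exported, outgoing VPN disabled")
        result["sites"][name] = {"protocol": order[0], "outgoing_disabled": creds}
    return result, warnings

# Constructed sample input, not taken from a real server.
SAMPLE = {
    "pptp_ports": 128, "l2tp_ports": 5, "static_pool_size": 50,
    "dns_primary": "10.0.0.300", "dns_backup": "10.0.0.11", "wins_primary": "10.0.0.20",
    "sites": {"branch": {"protocols": ["PPTP", "L2TP"], "has_preshared_key": True, "has_credentials": True}},
}
```

Every warning in the returned list corresponds to a setting that has to be re-entered or re-checked in ISA Server Management after the upgrade; preshared keys and site-to-site credentials in particular must be supplied again by hand.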



Keywords: KB838374, kbinfo, kbfirewall


Article Info
Article ID : 838374
Revision : 3
Created on : 11/17/2008
Published on : 11/17/2008