Need to disable ISA 2000 VPN  capabilities.

Posted on 2005-05-02
Last Modified: 2013-11-16

I am not a network admin, but I need an easy way to disable VPN capabilities.
I work at a small company who had network guy experimenting with VPN capabilities but they are no longer with the company.
We just want to make sure no one has access to the network anymore.

I did a little reading on how to set up a vpn but the documentation is pretty vast.
Can I just disable some protocols/rules like IPSEC.

I don't want to mess anything else that is setup on the firewall, so I was hoping there might be an easy sure fire way to turn off VPN capabilities only.


Question by:slowjoe34
    LVL 1

    Assisted Solution

    Disabling the IPSEC protocol will effectively stop a VPN from functioning. So yes it is a good idea if you are not using the protocol for any other purpose. Other common ports used for VPN include UDP 500, L2TP, AH and ESP protocols. If there are any rules including those descriptions they should be only used for VPN.

    You can also look in the Protocol Rules section with ISA Management to see if there are any rules defined for VPN access. Hopefully whoever was trying to setup ISA for VPN access included some comments (as all good admins should ;-) )

    The other area to check is the publishing area to see if the person setup a particular server for termination or for remote control.

    Hope this helps.... TJ

    Author Comment


    Thanks for the reply.

    I have not had the chance to tinker with the ISA server yet.

    I'll look through the protocol rules to see if we have any defined rules for VPN access like you siad. I am not sure if I am going to disable the IPSEC service just yet. Since I am not sure if it is being used for anything else. Like I said I am not a network guy and I am kind of learning on the fly.

    I'll let you know how it goes.
    LVL 2

    Accepted Solution

    go to >programs >administrative tools >RRAS (Routing and Remote Access)
    Right click and get properties on the server name
    uncheck the box allow remote connections via dial-up and ethernet
    stop and restart the RRAS services

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
    To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now