janhoedt
asked on
ISA-UAG VPN
I have an openvpn solution for my home lab, but would like to set up a connection which is accessible from anywhere WITHOUT installing any extra software (now a client is necessary), just opening a web browser ....
I have access to a corporate website through an ISA-portal (2006) but I’m not sure how it works: can I give access to RDP etc. via ISA if I would implement it myself (in my lab)?
Now there is the successor of ISA: UAG. My question: can it do everything 2006 can + can it deploy a remote access solution … WITHOUT installing SSL?
Please advise how to do this/how it is done.
J.
ASKER CERTIFIED SOLUTION
UAG will do this - but it is not cheap (licensing). In UAG you would make a trunk which would take you to a 'Portal' page and on here you would make 'links' to the internal services that you wanted to provide/give access to. A trunk can be either http or https but not many would be (let's use the word 'brave' here although foolhardy might be better) brave enough to open up internal services, other than a simple web site, to external users without encryption/authentication services to back it up.
For example, I use both http & https trunks. My http trunks allow guests into my public SharePoint site for read-only activities. My https trunks are used to provide authenticated access to the same portal but it reveals additional options on the portal page. I also use DirectAccess now as the VPN solution which UAG also fully supports.
For reference, UAG actually comes with a version of TMG embedded within it - however, the TMG is there to support/protect the UAG box itself - it is NOT used as an ISA/TMG equivalent of what you are currently using the ISA box for.
PS - UAG also uses a client which can detect the type of client - i.e. authorised corporate laptop, corporate user ID, hard token user, certificate, kiosk-style PC, etc. You can then use this status to control what features are displayed to the user, what access control gets applied to them, etc.
ASKER
Ok, thanks. So, according to you: what would be the best/fastest way to implement the safest solution for my lab, CLIENTLESS?
Install ISA on Windows 2003? Could I implement it that way so you need a certificate and only with that + password you can access (same way I use my openvpn, looks pretty safe & easy to me)?
J.
ASKER
Hi,
Update: all I need to know is if I can use Forefront TMG (successor of ISA) to enable remote access to resources on my lab domain via a secured web interface (e.g. publish an RDP access). In other words, a tunneling of all protocols via https.
If it is possible, I would like to know how it is done.
Thanks,
J.
ASKER
Fair enough
ASKER
Now, what I would like to achieve is a webpage to which I can log on from anywhere (Internet) and reach my internal servers (RDP or whatever). As mentioned, I have openvpn but would like to have a connection which doesn't require a client to be installed (otherwise I also could use a citrix gateway). So now my question is: should I use ISA or UAG? It's only a lab so I don't want to have too much trouble setting it up.
Note: it's a home lab and ports beneath 1024 are blocked, so I'd need a port forwarding such as no-ip.com does (in order to be reachable from behind proxies too).
Please advise.
J.