• Status: Solved

ISA-UAG VPN

I have an openvpn solution for my home lab, but would like to set up a connection which is accessible from anywhere WITHOUT installing any extra software (now a client is necessary), just opening a web browser ....

I have access to a corporate website through an ISA-portal (2006) but I’m not sure how it works: can I give access to rdp etc via ISA if I would implement it myself (in my lab)?

Now there is the successor of ISA: UAG. My question: can it do everything 2006 can + can it deploy a remote access solution … WITHOUT installing SSL?
Please advise how to do this/how it is done.

J.
Asked by: janhoedt

Keith Alabaster (Enterprise Architect) commented:
Your statement is incorrect. TMG was the successor to ISA server. UAG was closer to being the successor to RRAS. The strategy was that TMG became the thing that kept bad guys out providing the firewall and UAG was the remote-access solution letting the good guys in.

Yes, ISA can allow RDP via its publishing rules for an external client to an internal machine - or even to the ISA box itself if you are that brave.

Trying to use this method of communication to even start on how UAG would do this is not viable. TechNet already has most of the setup guides already available.

UAG can support terminal services and pretty much any other protocol but without SSL - or other encryption protocol - ceases to create a vpn and becomes just a clear stream of readable data.
 
janhoedt (Author) commented:
Thanks! That's really clear!
Now, what I would like to achieve is a webpage to which I can log on from anywhere (Internet) and reach my internal servers (RDP or whatever). As mentioned, I have openvpn but would like to have a connection which doesn't require a client to be installed (otherwise I also could use a citrix gateway). So now my question is: should I use ISA or UAG? It's only a lab so I don't want to have too much trouble setting it up.

Note: it's a home lab and ports beneath 1024 are blocked, so I'd need a port forwarding such as no-ip.com does (in order to be reachable from behind proxies too).

Please advise.
J.
 
Keith Alabaster (Enterprise Architect) commented:
UAG will do this - but it is not cheap (licensing). In UAG you would make a trunk which would take you to a 'Portal' page and on here you would make 'links' to the internal services that you wanted to provide/give access to. A trunk can be either http or https but not many would be (let's use the word 'brave' here although foolhardy might be better) brave enough to open up internal services, other than a simple web site, to external users without encryption/authentication services to back it up.

For example, I use both http & https trunks. My http trunks allow guests into my Public Sharepoint site for read-only activities. My https trunks are used to provide authenticated access to the same portal but it reveals additional options on the portal page. I also use DirectAccess now as the VPN solution which UAG also fully supports.

For reference, UAG actually comes with a version of TMG embedded within it - however, the TMG is there to support/protect the UAG box itself - it is NOT used as an ISA/TMG equivalent of what you are currently using the ISA box for.
 
Keith Alabaster (Enterprise Architect) commented:
PS - UAG also uses a client which can detect the type of client - i.e. authorised corporate laptop, corporate user ID, hard token user, certificate, kiosk-style pc etc. You can then use this status to control what features are displayed to the user, what access control they get applied etc.
 
janhoedt (Author) commented:
Ok, thanks. So, according to you: what would be the best/fastest way to implement the safest solution for my lab, CLIENTLESS?
Install ISA on Windows 2003? Could I implement it that way so you need a certificate and only with then + password you can access (same way I use my openvpn, looks pretty safe & easy to me)?

J.
 
janhoedt (Author) commented:
Hi,

Update: all I need to know is if I can use Forefront TMG (successor of ISA) to enable remote access to resources on my lab domain via a secured web interface (f.e. publish an RDP access). In other words a tunneling of all protocols via https.
If it is possible, I would like to know how it is done.

Thanks,
J.
 
janhoedt (Author) commented:
Fair enough