ISA-UAG VPN

Posted on 2012-09-14
Last Modified: 2012-10-10
I have an openvpn solution for my home lab, but would like to set up a connection which is accessible from anywhere WITHOUT installing any extra software (now a client is necessary), just opening a web browser ....

I have access to a corporate website through an ISA-portal (2006) but I’m not sure how it works: can I give access to rdp etc via ISA if I would implement it myself (in my lab)?

Now there is the successor of ISA: UAG. My question: can it do everything 2006 can + can it deploy a remote access solution … WITHOUT installing SSL?
Please advise how to do this/how it is done.

J.
0
Question by:janhoedt
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 1000 total points
ID: 38401151
Your statement is incorrect. TMG was the successor to ISA server. UAG was closer to being the successor to RRAS. The strategy was that TMG became the thing that kept bad guys out providing the firewall and UAG was the remote-access solution letting the good guys in.

Yes, ISA can allow RDP via its publishing rules for an external client to an internal machine - or even to the ISA box itself if you are that brave.

Trying to use this method of communication to even start on how UAG would do this is not viable. TechNet already has most of the setup guides already available.

UAG can support terminal services and pretty much any other protocol but without SSL - or other encryption protocol - ceases to create a vpn and becomes just a clear stream of readable data.
0
 

Author Comment

by:janhoedt
ID: 38401257
Thanks! That's really clear!
Now, what I would like to achieve is a webpage to which I can log on from anywhere (Internet) and reach my internal servers (RDP or whatever). As mentioned, I have openvpn but would like to have a connection which doesn't require a client to be installed (otherwise I also could use a citrix gateway). So now my question is: should I use ISA or UAG? It's only a lab so I don't want to have too much trouble setting it up.

Note: it's a home lab and ports beneath 1024 are blocked, so I'd need a port forwarding such as no-ip.com does (in order to be reachable from behind proxies too).

Please advise.
J.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 38401289
UAG will do this - but it is not cheap (licensing). In UAG you would make a trunk which would take you to a 'Portal' page and on here you would make 'links' to the internal services that you wanted to provide/give access to. A trunk can be either http or https but not many would be (let's use the word 'brave' here although foolhardy might be better) brave enough to open up internal services, other than a simple web site, to external users without encryption/authentication services to back it up.

For example, I use both http & https trunks. My http trunks allow guests into my Public Sharepoint site for read-only activities. My https trunks are used to provide authenticated access to the same portal but it reveals additional options on the portal page. I also use DirectAccess now as the VPN solution which UAG also fully supports.

For reference, UAG actually comes with a version of TMG embedded within it - however, the TMG is there to support/protect the UAG box itself - it is NOT used as an ISA/TMG equivalent of what you are currently using the ISA box for.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 38401291
PS - UAG also uses a client which can detect the type of client - i.e. authorised corporate laptop, corporate user ID, hard token user, certificate, kiosk-style pc etc. You can then use this status to control what features are displayed to the user, what access control they get applied etc.
0
 

Author Comment

by:janhoedt
ID: 38405440
Ok, thanks. So, according to you: what would be the best/fastest way to implement the safest solution for my lab, CLIENTLESS?
Install ISA on Windows 2003? Could I implement it that way so you need a certificate and only with then + password you can access (same way I use my openvpn, looks pretty safe & easy to me)?

J.
0
 

Author Comment

by:janhoedt
ID: 38432022
Hi,

Update: all I need to know is if I can use Forefront TMG (successor of ISA) to enable remote access to resources on my lab domain via a secured web interface (f.e. publish an RDP access). In other words a tunneling of all protocols via https.
If it is possible, I would like to know how it is done.

Thanks,
J.
0
 

Author Closing Comment

by:janhoedt
ID: 38482284
Fair enough
0
