For virtual private network (VPN) client connections, networks from which clients can connect to the Microsoft Internet Security and Acceleration (ISA) Server 2006 computer with VPN enabled are called access networks.
For site-to-site (remote) connections, an access network is a network where the remote VPN server is located.
By default, for both site-to-site connections and for client connections, the VPN access network is set only to the External network. Therefore, when you enable VPN access, VPN connections can be established for computers on the External network.
For instructions, see Configure VPN access networks.
When you first enable VPN client access on ISA Server, a system policy rule, called Allow VPN client traffic to ISA Server, is enabled. This allows access from the External network to the Local Host network, because the External network is configured by default as an access network. You can subsequently configure additional access networks, by specifying additional VPN access networks. The system policy rule is automatically updated to apply to the additional access networks.
For site-to-site access, when you create a new remote site network, ISA Server adds the remote network to the list of networks included in the Protected Networks network set. In addition, ISA Server enables these system policy rules: