VPN access network

For virtual private network (VPN) client connections, networks from which clients can connect to the Microsoft Internet Security and Acceleration (ISA) Server 2006 computer with VPN enabled are called access networks.

For site-to-site (remote) connections, an access network is a network where the remote VPN server is located.

By default, for both site-to-site connections and for client connections, the VPN access network is set only to the External network. Therefore, when you enable VPN access, VPN connections can be established for computers on the External network.

For instructions, see Configure VPN access networks.

Remote VPN client access

When you first enable VPN client access on ISA Server, a system policy rule, called Allow VPN client traffic to ISA Server, is enabled. This allows access from the External network to the Local Host network, because the External network is configured by default as an access network. You can subsequently configure additional access networks, by specifying additional VPN access networks. The system policy rule is automatically updated to apply to the additional access networks.

Site-to-site access

For site-to-site access, when you create a new remote site network, ISA Server adds the remote network to the list of networks included in the Protected Networks network set. In addition, ISA Server enables these system policy rules:

• Allow VPN site-to-site traffic from ISA Server. This rule allows the ISA Server computer access to clients on the External network, using the selected VPN protocol.
• Allow VPN site-to-site traffic to ISA Server. This rule allows clients on the External network access to the ISA Server computer, using the selected VPN protocol.

---

Get latest ISA Server content at ISA Server Guidance. Send feedback about this page.

• English-to-Russian translation