ISA Server 2004 Configuration Guide 252
Create the Remote Site at the Branch Office
Now that the main office is ready, we can configure the branch office ISA Server 2004
firewall. Perform the following steps to create the Remote Site Network at the branch office:
1. Open the Microsoft Internet Security and Acceleration Server 2004 management
console and expand the server name. Click on the Virtual Private Networks (VPN)
node.
2. Click on the Remote Sites tab in the Details Pane. Click on the Tasks tab in the Task
Pane. Click Add Remote Site Network.
3. On the Welcome to the New Network Wizard page, enter a name for the remote
network in the Network name text box. In this example, we will name the remote network
Main. Click Next.
4. On the VPN Protocol page, select Layer Two Tunneling Protocol (L2TP) over IPSec
and click Next.
5. On the Remote Site Gateway page, enter the IP address on the external interface of the
remote ISA Server 2004 firewall machine. In this example, the IP address is
192.168.1.70, so enter this value into the text box. Click Next.
6. On the Remote Authentication page, put a checkmark in the Local site can initiate
connections to remote site using these credentials check box. Enter the name of the
account you will create on the remote ISA Server 2004 firewall computer to allow the
main office VPN gateway access. In this example, the user account will be Branch (the
user account must match the name of the demand-dial interface created on the remote
site). The Domain name is the name of the remote ISA Server 2004 firewall computer,
which in this example is ISALOCAL (if the remote ISA Server 2004 firewall were a
domain controller, then you would use the domain name instead of the computer name).
Enter a Password for the account and confirm the Password. Note the password so you
will remember it when you create the account later on the remote ISA Server 2004
firewall. Click Next.
7. Read the information on the Local Authentication page, and click Next.
8. On the L2TP/IPSec Authentication page, put a checkmark in the Allow pre-shared key
IPSec authentication as a secondary (backup) authentication method check box.
Enter a key in the Use pre-shared key for authentication text box. In this example,
enter 123. Click Next.
9. Click Add on the Network Addresses page. In the IP Address Range Properties dialog
box, enter 10.0.0.0 in the Starting address text box. Enter 10.0.0.255 in the Ending
address text box. Click OK.
10. Click Next on the Network Addresses page.
11. Click Finish on the Completing the New Network Wizard page.
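
The values entered in steps 5 through 9 can be checked for consistency before they are typed into the wizard. The following Python script is an added example, not part of the original guide or of ISA Server 2004; the function name, the minimum key length, and the branch office internal range 10.0.1.0/24 are assumptions made for illustration.

```python
import ipaddress

MIN_PSK_LEN = 20  # assumed policy threshold, not an ISA Server 2004 setting


def check_remote_site(site, local_ranges, remote_interface_name):
    """Return a list of findings for one Remote Site Network definition."""
    findings = []
    start = ipaddress.ip_address(site["range_start"])
    end = ipaddress.ip_address(site["range_end"])
    if start > end:
        return ["address range start is above its end"]
    # Step 9: express the start/end pair as the networks it covers.
    remote_nets = list(ipaddress.summarize_address_range(start, end))

    # A remote range that overlaps a local network makes routing ambiguous.
    for local in map(ipaddress.ip_network, local_ranges):
        if any(local.overlaps(net) for net in remote_nets):
            findings.append(f"remote range overlaps local network {local}")

    # Step 5 (assumed sanity check): the tunnel endpoint is the remote
    # firewall's external address and should not sit inside the tunnelled range.
    gateway = ipaddress.ip_address(site["gateway"])
    if any(gateway in net for net in remote_nets):
        findings.append("gateway address lies inside the remote address range")

    # Step 6: the account name must equal the demand-dial interface name
    # created on the remote firewall (Windows names compare case-insensitively).
    if site["user"].lower() != remote_interface_name.lower():
        findings.append("dial-in account does not match remote demand-dial interface")

    # Step 8: the backup pre-shared key should not be short or single-class.
    psk = site["psk"]
    if len(psk) < MIN_PSK_LEN or psk.isdigit() or psk.isalpha():
        findings.append("pre-shared key is short or single-class")
    return findings


# Values from the walkthrough above; the local range is a constructed placeholder.
GUIDE_SITE = {"name": "Main", "gateway": "192.168.1.70", "user": "Branch",
              "psk": "123", "range_start": "10.0.0.0", "range_end": "10.0.0.255"}
LOCAL_RANGES = ["10.0.1.0/24"]  # constructed branch office internal network

if __name__ == "__main__":
    for finding in check_remote_site(GUIDE_SITE, LOCAL_RANGES, "Branch"):
        print("FINDING:", finding)
```

Run against the values used in this walkthrough, the only finding is the example pre-shared key 123, which is suitable for a lab only.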