Phillip Windell replied to Guillermo Lovato
24-Nov-09 04:48 PM

There is no Layer3 or Layer4 Restrictions performed by the ISA.
But you have Access Restrictions at the Application Level and OS Level using
NTFS & Share Permissions (OS Level) and you have access Restrictions built
into whatever Application they try to use after they connect (Application
Level). These are the same kind of restrictions that you control the LAN
Users everyday. These are of course not performed by the ISA.
So what we are saying is that the VPN user (with ISA2000) has exactly the
same kind of restriction that they would have if they were physically
sitting at a desk in your building using a workstation just like everyone
else using their workstations. Except that they have the additional
restriction that the machine they are sitting at is not likely a domain
member and becomes a type of restriction in-and-of-itself.
So, summary:
Do the VPN Users have restrictions = Yes, the same as everyone else on
the LAN
Do the VPN Users have *extra* restrictions provided by the VPN device
(ISA2000) = No
Does the fact that the VPN User may not use a Domain Member Machine create a
restriction for them = Yes, the same as someone trying to use a
non-domain member machine physically on the LAN
--
Phillip Windell
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------