How to configure L2TP IPSec VPN using ISA Server

Suppose you have roaming users who need to access the internal/private network, but you don't want to spend any money. Your existing infrastructure consists of Microsoft AD, DNS, DHCP and ISA as the firewall, as in the picture below. You don't need to spend money to accomplish this objective; it's a few mouse clicks away.


Figure: Microsoft ISA Edge Firewall, source: Microsoft Corp.

As I mentioned above, you need MS AD, DNS, DHCP, Active Directory Certificate Services and ISA Server. If you don't have a certificate server, you can virtualize it following this instruction. Now you have to do the following steps:

  1. Check DNS, DHCP and AD connectivity from the ISA server and make sure each is functioning properly.
  2. Check/ping the public IP configured on one of the NICs in the ISA server (ISA has at least two NICs: internal with a private IP and external with a public IP).
  3. Create a specific group in AD and add the users who need VPN access.
  4. Install a machine/computer certificate on the ISA server.
  5. Configure VPN in the ISA server.
  6. Create an L2TP client access policy.
  7. Install user and machine certificates on the VPN client machine.
  8. Create an L2TP VPN dialler on the client machine and test the connection.
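
Steps 4 and 7 both depend on a usable machine certificate in the local computer store. The PowerShell script below is an added example, not part of the original post; the function name `Test-L2tpMachineCertificate` is hypothetical, and the list of accepted EKUs is an assumption to adjust to your CA's certificate template.

```powershell
# Added example: check the machine certificate needed by steps 4 and 7.
# Run in an elevated PowerShell session on the ISA server or the VPN client.

# EKU OIDs treated as acceptable for IKE authentication (assumption).
$AcceptedEku = @(
    '1.3.6.1.5.5.7.3.1',   # Server Authentication
    '1.3.6.1.5.5.7.3.2',   # Client Authentication
    '1.3.6.1.5.5.8.2.2'    # IP security IKE intermediate
)

function Test-L2tpMachineCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $now = Get-Date
    $ekuExt = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }

    # A certificate without an EKU extension is valid for all purposes.
    $ekuOk = $true
    if ($ekuExt) {
        $oids  = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
        $ekuOk = @($oids | Where-Object { $AcceptedEku -contains $_ }).Count -gt 0
    }

    New-Object PSObject -Property @{
        Subject       = $Cert.Subject
        NotAfter      = $Cert.NotAfter
        HasPrivateKey = $Cert.HasPrivateKey   # IKE cannot sign without it
        InValidity    = ($Cert.NotBefore -le $now -and $Cert.NotAfter -gt $now)
        EkuOk         = $ekuOk
        # Verify() builds the chain to a trusted root and checks revocation,
        # so an untrusted issuing CA or an unreachable CRL shows up as False.
        ChainTrusted  = $Cert.Verify()
    }
}

$results = @(Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-L2tpMachineCertificate $_ })

$results |
    Select-Object Subject, NotAfter, HasPrivateKey, InValidity, EkuOk, ChainTrusted |
    Format-Table -AutoSize

$usable = @($results | Where-Object {
    $_.HasPrivateKey -and $_.InValidity -and $_.EkuOk -and $_.ChainTrusted
})
if ($usable.Count -eq 0) {
    Write-Warning 'No machine certificate in LocalMachine\My passed all checks.'
}
```

Run it on both ends of the tunnel: each side must hold a certificate that chains to a CA the other side trusts.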

The following screenshots will definitely be helpful for you.

ISA Management Console>VPN>VPN Property


ISA Management Console>VPN>VPN Clients Property


ISA Management Console>Firewall Policy>Create New Access Policy



ISA Management Console>Apply.

Further Study:

Microsoft Technet

Administrator’s Guide to Microsoft L2TP/IPSec VPN Client

Keywords: ISA Server, L2TP IPSec, VPN

About Raihan Al-Beruni

My Name is Raihan Al-Beruni. I am working as an Infrastructure Architect in Data Center Technologies in Perth, Western Australia. I have been working on Microsoft technologies for more than 15 years. Other than Microsoft technologies I also work on Citrix validated solution and VMware data center virtualization technologies. I have a Masters degree in E-Commerce. I am certified in Microsoft, VMware, ITIL and EMC. My core focus is on cloud technologies. In my blog I share my knowledge and experience to enrich information technology community as a whole. I hope my contribution through this blog will help someone who wants more information on data center technologies.