Microsoft KB Archive/837353

= Configuration changes that are made to Routing and Remote Access when you install Internet Security and Acceleration (ISA) Server 2004 =

Article ID: 837353

Article Last Modified on 1/15/2005

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition

-





INTRODUCTION
This article describes the configuration changes that are made to your existing Routing and Remote Access configuration when you install Microsoft Internet Security and Acceleration (ISA) Server 2004.



MORE INFORMATION
When you install ISA Server 2004, you can upgrade the Routing and Remote Access configuration on your computer.

Note You can upgrade the Routing and Remote Access configuration whether or not Microsoft Internet Security and Acceleration Server 2000 is installed.

The following configuration changes occur to the upgraded Routing and Remote Access configuration:
 * The maximum number of remote virtual private network (VPN) clients that are permitted to connect to ISA Server 2004 is set to the greater of the following two items:
 * The number of Point-to-Point Tunneling Protocol (PPTP) ports that are configured in Routing and Remote Access.
 * The number of Layer-Two Tunneling Protocol (L2TP) ports that are configured in Routing and Remote Access.
 * If the number of static IP addresses that are available to be assigned is less than the number of VPN clients, the number of VPN clients is reduced to fit the size of the static IP address pool. In this scenario, you receive a warning message during the Routing and Remote Access upgrade process.
 * A preshared key that is configured for Routing and Remote Access is not migrated. If a preshared key is configured, you receive a warning message during the upgrade process.
 * If an IP address that is not valid is configured for the primary DNS server or for the backup DNS server in the Routing and Remote Access configuration, that DNS server IP address is not migrated. Instead, DHCP settings are used. In this scenario, you receive a warning message during the Routing and Remote Access upgrade process.

Note IP addresses in the unicast range of 1.0.0.0 to 223.255.255.255 are not valid.
 * If an IP address that is not valid is configured for the primary WINS server or for the backup WINS server in the Routing and Remote Access configuration, that WINS server IP address is not migrated. Instead, DHCP settings are used. In this scenario, you receive a warning message during the Routing and Remote Access upgrade process.
 * If a site-to-site connection in Routing and Remote Access is configured as &quot;PPTP first, and then L2TP,&quot; it is upgraded to a remote site network in ISA Server 2004, and that site network uses PPTP only. In this scenario, you receive a warning message during the Routing and Remote Access upgrade process.
 * If a site-to-site connection in Routing and Remote Access is configured as &quot;L2TP first, and then PPTP,&quot; it is upgraded to a remote site network in ISA Server 2004, and that site network uses L2TP only. In this scenario, you receive a warning message during the Routing and Remote Access upgrade process.

Note You may change the remote site network type from PPTP to L2TP or from L2TP to PPTP at any time in the future.
 * A preshared key that is configured for demand-dial interface connections in Routing and Remote Access is not migrated. If a preshared key is configured, you receive a warning message during the upgrade process.
 * Credentials that are configured for demand-dial interface connections in Routing and Remote Access are not migrated. In ISA Server 2004, outgoing VPN connections are disabled until you reconfigure them. In this scenario, you receive a warning message during the Routing and Remote Access upgrade process.

Keywords: kbhowto kbinfo kbfirewall KB837353

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.