Publisher Summary This chapter discusses the ISA 2006 firewall's virtual private networking (VPN) remote access server and VPN gateway features. It is observed that when a VPN remote-access client establishes a connection with the VPN server, the VPN client acts like a machine that is directly connected to the corporate network. This virtual link to the corporate network enables the remote VPN user to access almost every resource on the corporate network limited only by the access controls configured on the servers and workstations. User mapping is a feature that allows you to map virtual private network (VPN) clients connecting to ISA Server using an authentication method that is not based on Windows authentication to the Windows Active Directory namespace. One of the major improvements that the ISA 2004/2006 firewall has over ISA Server 2000 is that it can be configured to use IPSec tunnel mode for site-to-site VPN connections. The ISA firewall can authenticate VPN users with Remote Access Dial-In User Service (RADIUS). The RADIUS Protocol allows the ISA 2006 firewall to forward user credentials of a RADIUS server on the Internal network. It is suggested that one can significantly enhance the security of your ISA firewall's VPN remote access client connections by using Extensible Authentication Protocol user certificate authentication.