Welcome to ISAserver.org
+++ CISCO VPN Client 4.0
+++ CISCO VPN Client 4.0 - 15.Dec.2004 5:05:00 AM
Ian2004
Posts: 43
Joined: 1.Jun.2004
Status: offline
I installed CISCO VPN Client 4.0 on an XP PC behind ISA 2004. I have a rule to allow all outgoing traffic. What other access rule do I need to create to allow CISCO VPN Client to connect to a remote VPN server on the Internet? Thanks.
Ian

RE: +++ CISCO VPN Client 4.0 - 16.Dec.2004 12:07:00 PM
tshinder
Posts: 47644
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Ian,
What is the EXACT VPN protocol you're using?
Thanks! Tom

RE: +++ CISCO VPN Client 4.0 - 18.Dec.2004 12:22:00 AM
Ian2004
Posts: 43
Joined: 1.Jun.2004
Status: offline
Tom,
It uses the Internet Key Exchange (IKE) and Internet Protocol Security (IPSec) tunneling protocols.
Ian

RE: +++ CISCO VPN Client 4.0 - 18.Dec.2004 7:42:00 AM
ianfermo
Posts: 234
Joined: 7.Nov.2004
From: Zamboanga, Philippines
Status: offline
Hi Ian2004,
Cisco VPN client uses TCP 10000. Create a rule on ISA Server to allow this PORT. Try to check the Cisco VPN client settings and make sure the Transport type is TCP 10000.
Cheers,

RE: +++ CISCO VPN Client 4.0 - 19.Dec.2004 5:42:00 AM
Ian2004
Posts: 43
Joined: 1.Jun.2004
Status: offline
Hi Tom,
Cisco VPN Client still cannot connect to VPN server after I did the following:
1. Create a protocol "Cisco VPN Client" with Port Range: 10000, Protocol Type: TCP, Direction: Inbound
2. Create an Access Rule with Protocols Tab: Protocols: Cisco VPN Client, From Tab: External, To Tab: Internal
Ian

RE: +++ CISCO VPN Client 4.0 - 19.Dec.2004 5:01:00 PM
tshinder
Posts: 47644
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Ian,
TCP isn't RFC at all!
Configure the client and server to use UDP.
HTH, Tom

RE: +++ CISCO VPN Client 4.0 - 21.Dec.2004 3:42:00 AM
Ian2004
Posts: 43
Joined: 1.Jun.2004
Status: offline
Hi Tom,
It still cannot connect to VPN server after I did the following:
1. Create a protocol "Cisco VPN Client" with Port Range: 10000, Protocol Type: UDP, Direction: Send Receive
2. Create an Access Rule with Protocols Tab: Protocols: Cisco VPN Client, From Tab: External, To Tab: Internal
Ian

RE: +++ CISCO VPN Client 4.0 - 9.Jan.2005 5:13:00 PM
Ian2004
Posts: 43
Joined: 1.Jun.2004
Status: offline
Does anyone have an idea? Any help will be appreciated.

RE: +++ CISCO VPN Client 4.0 - 9.Jan.2005 7:48:00 PM
tkeeler
Posts: 7
Joined: 8.Jan.2005
Status: offline
Hi Ian,
I'm pretty new to ISA 2004 but noticed that your first post said the client is behind your ISA firewall.
In your rule however, it shows From: External To: Internal
Perhaps the server is blocking the client's attempt to connect? Try switching external/internal?
Also, what does the log show when you monitor the connection attempt?

RE: +++ CISCO VPN Client 4.0 - 11.Jan.2005 1:20:00 AM
Ian2004
Posts: 43
Joined: 1.Jun.2004
Status: offline
I have mentioned that I have an access rule that allows all outgoing traffic. This VPN Client rule is required for the traffic from the VPN server to the VPN client through port 10000.

RE: +++ CISCO VPN Client 4.0 - 11.Jan.2005 4:47:00 AM
tshinder
Posts: 47644
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Ian,
No rule is required to allow responses, and the VPN server does not establish a new incoming connection to the ISA firewall when the VPN client sends the initial outbound connection request.
Make sure the Cisco VPN server hasn't been misconfigured. They often misconfigure the VPN concentrator to use TCP instead of UDP.
HTH, Tom
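
Added example, not part of the original thread and not ISA Server's own code: a simplified Python model of stateful filtering that shows why the reply needs no rule of its own and why a From: External To: Internal rule never matches a connection the client starts. The addresses, source port and class names are constructed for illustration, and NAT is ignored.

```python
# Added illustration: a simplified stateful-filtering model, not ISA Server's engine.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    proto: str      # "tcp", "udp" or "any"
    dport: int      # destination port; 0 means any
    from_net: str   # network of the host that initiates the connection
    to_net: str     # network of the host being connected to

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    def __init__(self, rules, internal_hosts):
        self.rules = rules
        self.internal = set(internal_hosts)
        self.sessions = set()   # flows opened by an allowed initial packet

    def net(self, ip):
        return "Internal" if ip in self.internal else "External"

    def handle(self, p):
        # A reply is the exact reverse of a recorded flow: no rule lookup.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "allow: reply to established session"
        for r in self.rules:
            if (r.proto in ("any", p.proto) and r.dport in (0, p.dport)
                    and r.from_net == self.net(p.src) and r.to_net == self.net(p.dst)):
                self.sessions.add((p.proto, p.src, p.sport, p.dst, p.dport))
                return "allow: rule " + r.name
        return "deny: no matching rule"

# Constructed addresses (RFC 1918 / RFC 5737); rule names mirror the thread.
CLIENT, SERVER = "10.0.0.5", "203.0.113.10"
ALL_OUT = Rule("All outbound", "any", 0, "Internal", "External")
VPN_IN = Rule("Cisco VPN Client", "udp", 10000, "External", "Internal")

def demo(rules):
    """Send the client's first packet, then the server's reply."""
    fw = Firewall(rules, [CLIENT])
    request = fw.handle(Packet("udp", CLIENT, 1025, SERVER, 10000))
    reply = fw.handle(Packet("udp", SERVER, 10000, CLIENT, 1025))
    return request, reply
```

Calling `demo([ALL_OUT])` models the outbound rule alone, and `demo([VPN_IN])` models the External-to-Internal rule alone.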

RE: +++ CISCO VPN Client 4.0 - 12.Jan.2005 4:00:00 AM
Ian2004
Posts: 43
Joined: 1.Jun.2004
Status: offline
Hi Tom,
After I uninstalled the VPN Client and then installed a newer version, I can log on to the remote VPN server from behind ISA 2004. But it still has problems:
1. I can ping any server on the remote network, but the responses I get are all from the public IP address of my DSL router instead of the remote servers' IPs.
2. I cannot terminal in to any servers, but I can map shares that are on remote servers.
I have no problem when using a PC on the subnet between ISA and DSL:
1. After I VPN in to the remote VPN server, I can ping any server and get responses from the servers' IP addresses.
2. I can terminal in to any servers.
Thanks.

RE: +++ CISCO VPN Client 4.0 - 14.Jan.2005 4:26:00 AM
cpmaster
Posts: 2
Joined: 14.Jan.2005
From: Philadelphia, USA
Status: offline
If the protocol is not defined (listed) on the Protocols tab in the toolbox, ISA will drop the traffic. You need to figure out what port the VPN client uses, then create the protocol. ISA Server only allows traffic to pass that is defined in this way. Even though you are open outbound for all protocols, it will only allow the ones it knows about.