• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

CISCO VPN , PCANYWHERE AND ISA SERVER

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> CISCO VPN , PCANYWHERE AND ISA SERVER Page: [1]
Login
Message << Older Topic   Newer Topic >>
CISCO VPN , PCANYWHERE AND ISA SERVER - 7.Jan.2004 1:26:00 PM   
jare

 

Posts: 6
Joined: 18.Nov.2003
From: madrid (spain)
Status: offline
I Need to conect throught isa sever to remote host.First i use cisco vpn client to establish connection and all its ok , the problem came with pcanywhere (10 ) I cant connect with the remote host, i tried it with secure nat and firewall client and i cant ping the remote host, without firewall there is not problem to connect .

anyone has a solution +

thanks a lot
Post #: 1
RE: CISCO VPN , PCANYWHERE AND ISA SERVER - 7.Jan.2004 11:12:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi jare,

how did you verify that the Cisco VPN connection was properly setted up? For more info, check out:
- http://www.isaserver.org/articles/IPSec_Passthrough.html
- http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=13;t=001993

HTH,
Stefaan

(in reply to jare)
Post #: 2
RE: CISCO VPN , PCANYWHERE AND ISA SERVER - 13.Jan.2004 1:39:00 PM   
jare

 

Posts: 6
Joined: 18.Nov.2003
From: madrid (spain)
Status: offline
THANKS BUT.

The VPN connection is established, but there is no traffic possible through the tunnel with securenat client and firewall and I cant ping to the remote host.

(in reply to jare)
Post #: 3
RE: CISCO VPN , PCANYWHERE AND ISA SERVER - 16.Jan.2004 9:44:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi jare,

did you check out the status screen on the VPN client? Once the VPN tunnel is established, you should see 'Transparent Tunneling: Active' and 'Tunnel Port: UDP 4500'.

HTH,
Stefaan

(in reply to jare)
Post #: 4
RE: CISCO VPN , PCANYWHERE AND ISA SERVER - 20.Jan.2004 2:17:00 PM   
jare

 

Posts: 6
Joined: 18.Nov.2003
From: madrid (spain)
Status: offline
TRANSPARENT TUNNELING IS ACTIVE BUT VPN PORT IS 10000 UDP.

(in reply to jare)
Post #: 5
RE: CISCO VPN , PCANYWHERE AND ISA SERVER - 20.Jan.2004 8:28:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi jare,

OK, that seems to be a somewhat older Cisco NAT-T implementation. Therefore, you should have a protocol rule allowing UDP port 10000 send/receive. I would create this one in addition to the other two listed in my article. Also, keep in mind you should first test with the Firewall client disabled.

HTH,
Stefaan

[ January 20, 2004, 08:31 PM: Message edited by: spouseele ]

(in reply to jare)
Post #: 6
RE: CISCO VPN , PCANYWHERE AND ISA SERVER - 21.Jan.2004 12:51:00 PM   
jare

 

Posts: 6
Joined: 18.Nov.2003
From: madrid (spain)
Status: offline
I CREATED 3 PROTOCOL RULES:

- IKE, UDP 500 :SEND AND RECIVE
- NAT TRANSVERSAL , UDP 4500 :SEND AND RECIVE
- UDP PORT 10000 :SEND AND RECIEVE

ALSO FIREWALL CLIENT IS DISABLED, DEFAULT GATEWAY (ISA INTERNAL IP,SECURENAT).

IN CISCO VPN:

- CONECTION IS ESTABLISHED
- TRANSPARENT MODE IS ACTIVE
- VPN PORT:10000 UDP

but i cant ping to remote hosts and default dns server asigned by CISCO VPN in remote network

(in reply to jare)
Post #: 7
RE: CISCO VPN , PCANYWHERE AND ISA SERVER - 21.Jan.2004 9:44:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi jare,

the next thing to do is running the 'ipconfig /all' and 'route print' command on the VPN client with *and* without the VPN connection established. You should see some added routes and the TCP/IP properties of the VPN adapter when the VPN connection is establised.

Now, all depends on how the VPN administrator has configured the VPN client, but check out that the network ID you want to reach through the VPN tunnel is different from the network ID used on your internal network.

HTH,
Stefaan

(in reply to jare)
Post #: 8
RE: CISCO VPN , PCANYWHERE AND ISA SERVER - 22.Jan.2004 11:52:00 AM   
jare

 

Posts: 6
Joined: 18.Nov.2003
From: madrid (spain)
Status: offline
THANKS A LOT ννν

my internal network range is 192.168.0.0-192.168.255.255 and cisco vpn is assigned to 10.x.x.x class by dhcp.

(in reply to jare)
Post #: 9
RE: CISCO VPN , PCANYWHERE AND ISA SERVER - 22.Jan.2004 10:54:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi jare,

and what is the destination network ID you want to reach through the VPN tunnel?

BTW --- you may post the result of the commands here too.

HTH,
Stefaan

[ January 22, 2004, 10:55 PM: Message edited by: spouseele ]

(in reply to jare)
Post #: 10

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> CISCO VPN , PCANYWHERE AND ISA SERVER Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts