Welcome to ISAserver.org


Cisco PIX and ISA 2004 IPsec weirdness

Cisco PIX and ISA 2004 IPsec weirdness - 1.Nov.2005 6:58:00 PM
aaronsb

 

Posts: 2
Joined: 1.Nov.2005
From: Seattle, WA
I'm managing a remote site that connects to a Cisco PIX concentrator. I don't know much about the Cisco end, other than chatting with the admin over there. However, here's where it gets a little strange.

There's a web server on the far end of the tunnel, and we've established an IPsec connection fine. You can see the protocol in a network trace, and you can ping machines on the far side as well.

However, it appears as if there are no open TCP or UDP ports on any machines at the far end. ICMP returns fine, however. The firewall rules are configured for completely open to the IPsec connection from the internal LAN.

After beating myself up on the problem for a while, I was performing another packet trace when I saw someone else in the office successfully connecting to the site. (I've got split DNS inside the LAN to point to the site.)

I hurried over to the machine to see why they could connect, and it ended up that they have a Cisco VPN connection app installed on their machine.

Only machines that have that app installed can successfully connect to resources through the tunnel. I installed (but did not run) the VPN app on my machine, and after a reboot I could access the page and see open network ports.

After I uninstalled the app, I could still connect to the remote resources.

I am thinking about installing the VPN connection app on the ISA server to see if it provides the connectivity I need to the rest of the network clients, but I'm wary as to what the heck this thing is doing to the network stack to make things work.

Has anybody experienced this and/or have suggestions as to how to configure ISA to work without creepy software?

Thanks

Aaron