Welcome to ISAserver.org

Discussion about article on publishing a VPN server behind the ISA Firewall

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> VPN >> Discussion about article on publishing a VPN server behind the ISA Firewall

Page: [1]

Message

<< Older Topic Newer Topic >>

Discussion about article on publishing a VPN server beh... - 7.Dec.2007 11:28:13 AM

tshinder

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline

This thread is for discussing the article series on how to publish a VPN server behind the ISA Firewall at http://isaserver.org/tutorials/Allowing-Inbound-L2TPIPSec-NAT-Traversal-Connections-through-Back-Back-ISA-Server-Firewall-DMZPart1.html

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

Post #: 1

Featured Links*

RE: Discussion about article on publishing a VPN server... - 7.Dec.2007 11:54:08 AM

justmee

Posts: 505
Joined: 14.May2007
Status: offline

Hi Tom,

quote:

There is also an updated client for Windows 98, Windows NT 4.0 and Windows ME.

That link is going nowhere.
I think the link can be taken now from(I did not read this whole doc, the ms article is too long for me

since I have problems remembering how to use a Windows 98):
http://technet.microsoft.com/en-gb/library/bb742553.aspx
Meaning:
http://download.microsoft.com/download/win98/Install/1.0/W9XNT4Me/EN-US/msl2tp.exe
I did not notice the Vista reg hack in your article:
http://support.microsoft.com/kb/926179
I think it might be useful since the path is different from XP.
Sorry if I've bothered you.
Best,
J

(in reply to tshinder)

Post #: 2

RE: Discussion about article on publishing a VPN server... - 9.Dec.2007 11:38:24 AM

tshinder

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi J,

Excellent link for the Vista/Win2008 reghack!

I'll put that in the article.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to justmee)

Post #: 3

RE: Discussion about article on publishing a VPN server... - 17.Nov.2009 2:14:05 PM

edsiri

Posts: 3
Joined: 10.Mar.2005
Status: offline

Hi Tom,

I just used this article to help setup a site-to-site vpn with TMG server in our test environment which is as follows: a single TMG server in our DC office, and 2 TMG servers in our Chicago office in a back-to-back configuration. The internal network located behind the backend firewall in Chicago needs to communicate with the internet network in DC -- therefore a site-to-site vpn was setup.

To get this to work, we had to perform the registry hacks on both servers (DC TMG server, and the Chicago Back-end TMG server) to allow NAT-T in Windows Server 2008 R2. Another thing that we had to do, which was not stated in this particular article was that we also had to create an access rule on the CHI front-end firewall to allow UDP 500/4500 from the *CHI front-end* firewall. I found this a bit puzzling since, on the CHI front-end firewall there was already a publishing rule to allow DC->CHI (back-end firewall), and an access rule for CHI(back-end firewall)->DC. Not sure why the CHI front-end firewall specifically needed an access rule for this to work? (Further puzzling, is that using "Local Host" as the source did not work. Instead, we had to create an entry for the front-end firewall's external NIC IP.)

...just hoping to further understand NAT-T in site-to-site scenarios and how all this works. Thanks in advance.

(in reply to tshinder)

Post #: 4

RE: Discussion about article on publishing a VPN server... - 27.Nov.2009 9:30:44 AM

tshinder

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline

I'm a little confused here.

In the back to back firewall configuration, you published UDP 500/4500 AND you needed to create an Access Rule from the front-end to the back-end firewall for UDP 500/4500?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to edsiri)

Post #: 5