Welcome to ISAserver.org


W2K-SP4-ISA2K4

W2K-SP4-ISA2K4 - 14.Mar.2004 6:59:00 PM   
drud

 

Posts: 3
Joined: 14.Mar.2004
Status: offline
Hello,

I have ISA 2K4 set up on a W2KSP4 server and am having problems getting an IPSEC tunnel set up to a remote PIX.

When trying to create a remote site in "Virtual Private Networks", "Remote Sites" tab, there is a blank page showing in the right-hand "Tasks" pane (where one should define the remote peer?). If I try to create a new network under Configuration>Networks>"New Network" and try to create a VPN Site-to-Site network using IPSEC tunnelling, I get "IpSecPol could not be detected on the ISA Server Computer..".

Do I need to upgrade to 2K3 Server, or is it that I am going about this all wrong? Any guidance here is greatly appreciated.

Thanks,
drud
Post #: 1
RE: W2K-SP4-ISA2K4 - 14.Mar.2004 8:16:00 PM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Drud,

Yes, you'll see this error on a Win2k box:

IPSecPol tool
To create a remote site network that uses the IPSec protocol tunneling mode on a computer running Windows 2000, you must install the IPSecPol tool, available on the Microsoft website (http://www.microsoft.com/). The tool must be installed to the ISA Server installation folder.

When you create a remote site network that uses the IPSec tunneling protocol, the Microsoft Firewall service modifies the IPSec filters on the computer, when restarting the Firewall service. This process can take up to several minutes, depending on the number of subnets included in the address ranges for the network. To minimize the effect, we recommend that you define IP address ranges that are aligned in subnet boundaries.

HTH,
Tom

(in reply to drud)
Post #: 2
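
The help text quoted in post #2 ties the filter-update delay to how many subnets a network's address ranges contain. As an added example (not part of the thread and not ISA Server code), this Python sketch counts the CIDR blocks needed to cover a start-end range and suggests the smallest single aligned block; the sample ranges are constructed, and the assumption is that each CIDR block corresponds to one subnet in the sense of the help text.

```python
import ipaddress

def cidr_blocks(start, end):
    """Minimal list of CIDR blocks that exactly cover start..end."""
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    if first > last:
        raise ValueError("start address is above end address")
    return list(ipaddress.summarize_address_range(first, last))

def is_aligned(start, end):
    """True when the range is exactly one subnet (aligned on its boundary)."""
    return len(cidr_blocks(start, end)) == 1

def enclosing_block(start, end):
    """Smallest single aligned block containing the range (may widen it)."""
    first = int(ipaddress.IPv4Address(start))
    last = int(ipaddress.IPv4Address(end))
    # Bits in which the two ends differ must all become host bits.
    host_bits = (first ^ last).bit_length()
    base = (first >> host_bits) << host_bits
    return ipaddress.IPv4Network((base, 32 - host_bits))

def report(start, end):
    """One-line summary for a remote-site address range."""
    blocks = cidr_blocks(start, end)
    if len(blocks) == 1:
        return f"{start}-{end}: aligned, 1 subnet ({blocks[0]})"
    return (f"{start}-{end}: {len(blocks)} subnets; "
            f"aligned alternative {enclosing_block(start, end)}")

if __name__ == "__main__":
    # Constructed sample ranges, not taken from the thread.
    samples = [
        ("192.168.1.0", "192.168.1.255"),
        ("10.0.0.1", "10.0.0.254"),
        ("192.168.1.0", "192.168.2.255"),
    ]
    for start, end in samples:
        print(report(start, end))
```

Widening a range to the enclosing block also widens what the tunnel covers, so check that the extra addresses really belong to the remote site before using it.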
RE: W2K-SP4-ISA2K4 - 15.Mar.2004 2:37:00 PM   
drud

 

Posts: 3
Joined: 14.Mar.2004
Status: offline
Tom,

Thanks - that worked for setting up the IPSEC connection object. Now I am experiencing several problems. The ISA2K4 server is behind a cable modem (IP via DHCP) connected to a Netgear firewall router. I cannot connect the ISA server directly to the cable modem as it will not pick up an IP via DHCP. If I use the Netgear (which does pick up an IP), the now private-range IP bound to the external NIC will not serve as the local tunnel endpoint. Is there a way to get DHCP working on the external NIC of the ISA server?

Problem 2 is that I can't ping from internal hosts to the Internet. I have a rule allowing ping from Internal to external and the log shows a connection being established, but I get a request timed out from the Internal clients.

drud

(in reply to drud)
Post #: 3
RE: W2K-SP4-ISA2K4 - 15.Mar.2004 3:07:00 PM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Drud,

Not sure about the ping issue. I've seen a number of cable networks that don't allow ping, so that could be the issue.

You'll have to use NAT-T if you want to use private addresses on the external interface behind the cable router. Or, you can use PPTP.

HTH,
Tom

(in reply to drud)
Post #: 4
RE: W2K-SP4-ISA2K4 - 15.Mar.2004 4:23:00 PM   
drud

 

Posts: 3
Joined: 14.Mar.2004
Status: offline
Tom,

How does one set up NAT-T? Also, I can ping Internet sites from the ISA server, but when I ping from the inside network, I see ping established in the ISA log and request timed out on the inside host.

Thanks,
drud

(in reply to drud)
Post #: 5
RE: W2K-SP4-ISA2K4 - 15.Mar.2004 11:14:00 PM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Drud,

IIRC, the ISA 2004 VPN server config will automatically create rules to allow inbound NAT-T. The ISA firewall will need to be installed on a Win2003 machine, and the client will need the updated L2TP/IPSec NAT-T client from MS. I've covered the client in the ISA 2000 VPN Deployment Kit docs.

On the router, forward UDP 500 and UDP 4500 inbound.

HTH,
Tom

(in reply to drud)
Post #: 6
