• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

How to get VPN to work

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> VPN >> How to get VPN to work Page: [1]
Login
Message << Older Topic   Newer Topic >>
How to get VPN to work - 22.Jun.2002 4:25:00 PM   
Mark H

 

Posts: 14
Joined: 25.Sep.2001
From: Hudson Ohio USA
Status: offline
Ok I am frustrated...
I have a client that has some form of
Cisco VPN software, which he wont tell
me what.
All I have to do is open a ESP port (what ever that is) on the ISA server.
I cant seem to find how to do this?

Any suggestions?
Thanks
Mark
Post #: 1
RE: How to get VPN to work - 22.Jun.2002 4:46:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Mark,

you simply can *not* pass plain ESP through ISA. It will not work.

I know that some Cisco VPN clients supports the NAT traversal feature (sometimes called UDP encapsulated ESP). With this feature enabled, it can pass through ISA. For more info, check out http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=1;t=000916

HTH,
Stefaan

(in reply to Mark H)
Post #: 2
RE: How to get VPN to work - 22.Jun.2002 5:04:00 PM   
drobinson@endtoend.com

 

Posts: 25
Joined: 23.May2002
Status: offline
Hi Mark,

You'll need to find out whether this person is using the Safenet client or the VPN 3000 client (unified client architecture). The VPN 3000 client has an option for UDP/TCP encapsulation but it needs to be configured. The Safenet client has no such option and will not work through ISA.

(in reply to Mark H)
Post #: 3
RE: How to get VPN to work - 25.Jun.2002 2:22:00 AM   
Mark H

 

Posts: 14
Joined: 25.Sep.2001
From: Hudson Ohio USA
Status: offline
Hi and thanks for the reply
the server that we are connecting to (over the internet) is using the
VPN 3000 client

The option for UDP/TCP encapsulation
is turned on at the work side.
What we are tring to do is
shoot in across the internet from home to work
(the office)

so now what do I do?

Thanks
Mark
[Confused]

(in reply to Mark H)
Post #: 4
RE: How to get VPN to work - 25.Jun.2002 11:47:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Mark,

I assume here that the VPN client is on the internal network behind ISA. So, it is an outbound issue. Just re-read my previous post http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=1;t=000916 . It's all in there. [Big Grin]

HTH,
Stefaan

(in reply to Mark H)
Post #: 5
RE: How to get VPN to work - 28.Jun.2002 12:48:00 PM   
Mark H

 

Posts: 14
Joined: 25.Sep.2001
From: Hudson Ohio USA
Status: offline
Thanks Stefan but heres what I did and
it still does not work
UDP port send and recieve
UDP port 17 send and recieve
firewall is disabled
created an allow rule for the 2
protocols
and rebooted the server.
No work
any other suggestions?
Thanks
M [Confused]

(in reply to Mark H)
Post #: 6
RE: How to get VPN to work - 28.Jun.2002 4:06:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Mark,

your protocol definitions seems somewhat strange to me. You must have:
- UDP Port 500 Send Receive : this is for the IKE protocol (key negotiation).
- UDP Port XXXX Send Receive : this is for the UDP encapsulated ESP packets. The administrator of the VPN gateway should be able to tell you the exact portnumber to use. The port XXXX is usual something around 10000.

If you are sure about your protocol definitions, enable ISA to log all fields and check out the firewall and packet filter log to see what is really happening.

HTH,
Stefaan

(in reply to Mark H)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> VPN >> How to get VPN to work Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts