Welcome to ISAserver.org

Cisco VPN Client

Users viewing this topic: none

Logged in as: Guest

All Forums >> [ISA Server 2000 Firewall] >> VPN >> Cisco VPN Client

Page: [1]

Message

<< Older Topic Newer Topic >>

Cisco VPN Client - 10.Jul.2002 10:23:00 PM

arsoley

Posts: 7
Joined: 4.Jun.2002
From: virginia
Status: offline

I need to allow a user on my company LAN to access a remote site using Cisco's VPN Client. How difficult is it to allow that traffic through?

Post #: 1

RE: Cisco VPN Client - 10.Jul.2002 10:42:00 PM

spouseele

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi dru,

some links about this subject:
- http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=2;t=001902
- http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=2;t=002752
- http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=13;t=000503
- http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=13;t=000495
- http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=13;t=000570
- http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=13;t=000684
- http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=1;t=000916

The basic setup is:

1. Create two protocol definitions:
- UDP Port 500 Send Receive : this is for the IKE protocol (key negotiation).
- UDP Port XXXX Send Receive : this is for the UDP encapsulated ESP packets. The administrator of the VPN gateway should be able to tell you the exact portnumber to use.

2. Next, create a protocol rule who allows those two created protocols.

3. One thing you must keep in mind is that the client must be a SecureNAT client and that the firewall client must be disabled when setting up the VPN connection. Also, when certificates are involved disable filtering of IP fragments on ISA.

BTW --- in general, any IPSec implementation who supports NAT Traversal or UDP encapsulated ESP should work from behind ISA.

HTH,
Stefaan

(in reply to arsoley)

Post #: 2