Welcome to ISAserver.org
RE: Connection Problems with Sonicwall GVC & ISA server 2004
RE: Connection Problems with Sonicwall GVC & ISA server... - 22.Nov.2006 9:12:34 PM
SNarayan
Posts: 3
Joined: 16.Dec.2003
Status: offline
Hi Stefaan,

I have selected from the "VPN and IPSec" protocols list in ISA Server 2004. IKE Client, IKE Server, NAT-T Client, NAT-Server, L2TP Client, L2TP Server, PPTP and PPTP Server protocols.

From/Listener = All Networks
To = All Networks
Condition = All Users

When I enable the Sonicwall GVC, on the monitoring tab, I see that the IKE Client protocol is initiated on port 500. From the logs:

UDP 172.10.0.43:500 61.29.76.190:500 172.10.0.43 Internal External Establish 0x0 IPSec VPN Client IKE Client

The client PCs do not have any FWC. I also tried after installing FWC, but it does not help.

Thanks,
Shaneil
RE: Connection Problems with Sonicwall GVC & ISA server... - 23.Nov.2006 2:03:13 PM
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Shaneil,

quote:
I have selected from the "VPN and IPSec" protocols list in ISA Server 2004. IKE Client, IKE Server, NAT-T Client, NAT-Server, L2TP Client, L2TP Server, PPTP and PPTP Server protocols.

For IPSec based VPNs you only need IKE Client and NAT-T Client. For PPTP based VPNs you only need PPTP. So, remove all those unneeded protocols.

quote:
From/Listener = All Networks To = All Networks Condition = All Users

I don't like the All Networks object, not even for testing. At least you should know what your source and destination networks are!

It looks like ISA Server allows those requests through. If you want to be 100% sure, verify it with a NetMon trace on the ISA External interface. Take note that the source UDP port will be different from 500. Maybe the remote site doesn't like that, or something along the path filters the IPSec traffic out.

HTH,
Stefaan
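Added example, not part of the original thread: a Python check built around the advice above that an IPSec VPN through ISA needs both IKE Client and NAT-T Client. It scans log lines laid out like the one quoted in the first post and lists client/peer pairs that show an established IKE flow (UDP 500) but no NAT-T flow (UDP 4500). The column layout is assumed from that single quoted line; every sample line except the first, and the action value `Blocked`, is constructed.

```python
import re
from collections import defaultdict

# Constructed sample. Only the first line comes from the thread; the rest,
# including the "Blocked" action and result 0x1, are made up for illustration.
# Assumed columns: proto src:port dst:port client-ip src-net dst-net action
# result, then rule name and protocol name.
SAMPLE_LOG = """\
UDP 172.10.0.43:500 61.29.76.190:500 172.10.0.43 Internal External Establish 0x0 IPSec VPN Client IKE Client
UDP 172.10.0.44:1031 61.29.76.190:500 172.10.0.44 Internal External Establish 0x0 IPSec VPN Client IKE Client
UDP 172.10.0.44:4500 61.29.76.190:4500 172.10.0.44 Internal External Establish 0x0 IPSec VPN Client NAT-T Client
UDP 172.10.0.45:500 61.29.76.190:500 172.10.0.45 Internal External Blocked 0x1 IPSec VPN Client IKE Client
"""

LINE_RE = re.compile(
    r"^(?P<proto>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<client>[\d.]+)\s+"
    r"(?P<srcnet>\S+)\s+(?P<dstnet>\S+)\s+(?P<action>\S+)\s+"
    r"(?P<result>\S+)\s+(?P<rest>.+)$"
)

# Classify by destination port only: the source port is not reliable,
# since it can differ from 500 (see the second sample line).
VPN_PORTS = {500: "IKE", 4500: "NAT-T"}


def established_vpn_flows(log_text):
    """Map (client, peer) -> labels of established UDP 500/4500 flows."""
    flows = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["proto"] != "UDP" or m["action"] != "Establish":
            continue  # unparsable, non-UDP, or not an established flow
        label = VPN_PORTS.get(int(m["dport"]))
        if label:
            flows[(m["client"], m["dst"])].add(label)
    return dict(flows)


def ike_without_natt(log_text):
    """Client/peer pairs with an IKE flow but no NAT-T flow in the log."""
    flows = established_vpn_flows(log_text)
    return sorted(pair for pair, seen in flows.items()
                  if "IKE" in seen and "NAT-T" not in seen)


if __name__ == "__main__":
    for client, peer in ike_without_natt(SAMPLE_LOG):
        print(f"{client} -> {peer}: IKE established, no NAT-T flow logged")
```

A pair reported here only says what the firewall logged; a trace on the External interface, as suggested above, is still the way to confirm what actually left the box.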
RE: How to pass IPSec traffic through ISA Server - 23.Apr.2008 9:58:30 AM
imfruity
Posts: 8
Joined: 16.Jul.2005
From: Lenexa
Status: offline
Stefaan,

I can see that it has been a while since anyone has posted, but here goes. I have an ISA 2006 and have followed the setup rules in this Microsoft article: http://support.microsoft.com/default.aspx?scid=kb;en-us;812076. Basically allowing 500, 4500 and 10,000 UDP send/receive through.

I have a Cisco client 4.x that I have received from a vendor that I need to connect to. They are using Cisco ASA (I believe). We can connect through our guest wireless and ping their internal sites (does not go through ISA), but when we do it from internally I see the ISA rules hit, and he claims that we get past Phase 1 and 2 on his side, but once connected we cannot ping or see any resources.

On the client side we have transparent tunneling enabled, but the "options/About" shows that it is not on his side. I am assuming that this part makes it impossible to NAT to his network. Are we only lacking the transparent tunneling? I did read your article but was unable to answer my own question.