• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Discussion for Configuring Windows Server 2003-based ISA/VPN NAT-T Server

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> VPN >> Discussion for Configuring Windows Server 2003-based ISA/VPN NAT-T Server Page: [1]
Login
Message << Older Topic   Newer Topic >>
Discussion for Configuring Windows Server 2003-based IS... - 7.Aug.2003 5:21:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is for discussion of the Configuring Windows Server 2003-based ISA Server Firewall/VPN Server to Accept inbound NAT-T L2TP/IPSec Calls article at http://isaserver.org/tutorials/natt2003.html.

Thanks!
Tom

[ August 07, 2003, 05:30 PM: Message edited by: tshinder ]
Post #: 1
RE: Discussion for Configuring Windows Server 2003-base... - 7.Aug.2003 9:27:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Tom,

thanks to mention my article! [Smile]

Thanks,
Stefaan

(in reply to tshinder)
Post #: 2
RE: Discussion for Configuring Windows Server 2003-base... - 7.Aug.2003 9:41:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Stefaan,

You are welcome! [Smile]

Thanks!
Tom

(in reply to tshinder)
Post #: 3
RE: Discussion for Configuring Windows Server 2003-base... - 12.Aug.2003 12:41:00 PM   
terryjr

 

Posts: 5
Joined: 12.Aug.2003
From: UK
Status: offline
Why is it that you have to untick the "Ask unauthenticated users for identification" check box? Wouldn't it work just as well with it on?

Thanks

Terry

(in reply to tshinder)
Post #: 4
RE: Discussion for Configuring Windows Server 2003-base... - 12.Aug.2003 2:35:00 PM   
Guest
You claim the advantage of ISA VPN NAT-T is that it is RFC compliant. Which RFC? I was under the impression is was still a draft. Also, PIX and Checkpoint both support the draft proposal.

(in reply to tshinder)
  Post #: 5
RE: Discussion for Configuring Windows Server 2003-base... - 12.Aug.2003 4:58:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Stan,

Yes, but not everyone is using it. We see too many requests for UDP 10000 and TCP ports.

HTH,
Tom

(in reply to tshinder)
Post #: 6
RE: Discussion for Configuring Windows Server 2003-base... - 12.Aug.2003 5:02:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by terryjr:
Why is it that you have to untick the "Ask unauthenticated users for identification" check box? Wouldn't it work just as well with it on?

Thanks

Terry

Hi Terry,

I put the wrong link in the article. Here's the new link:

http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=2;t=010118#000000

Thanks!
Tom

(in reply to tshinder)
Post #: 7
RE: Discussion for Configuring Windows Server 2003-base... - 15.Sep.2003 11:39:00 PM   
Guest
I was playing with ISA and windows 2003 server VPN but can't get the L2TP/IPSec to work.
I am testing the server internally with the 10.2.20.0 as the internal network and 10.2.30.0 the dummy external network with multiple ip's defined on the external nic. I have followed your instructions for setting up the vpn client and the server.
I put my laptop on the hub for the external nic and when i try and connect, the server says "me" "no policies defined" in the event log, and the connection fails.
I looked in policy manager and the policies appear to be there.
I created a ipsec policy while testing and this allows the connection but an event in the log then comes up saying the client and server were trying to connect in different modes, tunnel etc.
Any ideas?

Thanks
Jase

(in reply to tshinder)
  Post #: 8
RE: Discussion for Configuring Windows Server 2003-base... - 16.Sep.2003 5:35:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jase,

Check out the VPN Deployment Kit over at www.isaserver.org/shinder

All the details on how to set this up are there.

HTH,
Tom

(in reply to tshinder)
Post #: 9
RE: Discussion for Configuring Windows Server 2003-base... - 6.Mar.2005 11:50:00 PM   
auto

 

Posts: 3
Joined: 7.Aug.2004
Status: offline
I setup VPN access on my ISA 2004 and am getting to the ISA 2004 on port 500 but both ends are timing out. (based on log entries) The problem is that my "dear" ISP blocks incoming protocols up through port 1024 "for my protection". Some 3rd party VPN clients can be set to initiate negotiations on UDP 4500 (NAT-T) instead of 500.
Does anyone know of a way to force Windows XPSP2 VPN client to initiate security negotiations on UDP 4500 by default?

(in reply to tshinder)
Post #: 10
RE: Discussion for Configuring Windows Server 2003-base... - 31.Mar.2005 10:16:00 PM   
brendalisalowe

 

Posts: 19
Joined: 10.Aug.2004
Status: offline
Hello. I just set up the VPN access thing found here:
http://www.isaserver.org/tutorials/natt2003.html My question, is how do I log on now. I don't even no where to go on a PC to do that. Thanks for any help!

(in reply to tshinder)
Post #: 11
RE: Discussion for Configuring Windows Server 2003-base... - 6.Oct.2005 2:32:00 AM   
iraq it

 

Posts: 297
Joined: 1.Jul.2005
From: Iraq
Status: offline
Any Document for configuring L2TP/IPSec on ISA2004?

(in reply to tshinder)
Post #: 12
RE: Discussion for Configuring Windows Server 2003-base... - 3.Dec.2005 6:29:18 PM   
weismann

 

Posts: 2
Joined: 3.Dec.2005
Status: offline
I have read Microsoft and other threads about not putting the 2003 Server behind a NAT-T firewall, due to unexpected results, but not
a good clear explanation of the problem in any details. Any good pointers and/or explanations for this. Yes I have read your good explanations of the client side of NAT-T support issues. They were great. Just not sure of the "unexpected results" of running VPN L2TP/IPSEC Server behind NAt-T well.
I am hoping it is just to avoid some corner case scenarios and that I can reach a VPN server that doesn't have static ip addresses on
the server side.

(in reply to iraq it)
Post #: 13
RE: Discussion for Configuring Windows Server 2003-base... - 3.Dec.2005 6:32:17 PM   
weismann

 

Posts: 2
Joined: 3.Dec.2005
Status: offline
From my last message my reference to "static ip address" should be "static PUBLIC ip address".

(in reply to weismann)
Post #: 14
RE: Discussion for Configuring Windows Server 2003-base... - 27.Feb.2006 6:24:40 AM   
clowg

 

Posts: 7
Joined: 8.Dec.2002
Status: offline
quote:

ORIGINAL: tshinder

Hi Jase,

Check out the VPN Deployment Kit over at www.isaserver.org/shinder

All the details on how to set this up are there.

HTH,
Tom


Tom - I can't find the ISA Server 2004 VPN doc... can u please provide a link?

Cheers,

Geoff.

(in reply to tshinder)
Post #: 15

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> VPN >> Discussion for Configuring Windows Server 2003-based ISA/VPN NAT-T Server Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts