Welcome to ISAserver.org

Allow Cisco VPN Client pass through (IPSec)

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 General] >> Installation and Planning >> Allow Cisco VPN Client pass through (IPSec)

Page: [1]

Message

<< Older Topic Newer Topic >>

Allow Cisco VPN Client pass through (IPSec) - 13.May2007 9:02:52 PM

DB Hislop

Posts: 7
Joined: 10.Oct.2005
Status: offline

Hi All,

Several users within our organisation require access to a secure network through the use of a Cisco VPN client. I am trying to figure out exactly how to allow to pass this traffic through ISA 2006.

I have had a look at an article on this site about IPSec pass through, and have followed as best as I can. With this Cisco VPN there are several other ports that need to be opened which I have created, but I am still having no luck. The worst part is I can't even see where it is being blocked (logs are showing nothing unusual). I have ensured the client machine is not causing this issue, so I was hoping someone could break down the steps in laymens so I can double check my configuration.

By the way this is an Edge firewall, in a single ISA server array.

Thanks again

Dean

Post #: 1

Featured Links*

RE: Allow Cisco VPN Client pass through (IPSec) - 14.May2007 2:17:49 PM

spouseele

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Dean,

did you read How to pass IPSec traffic through ISA Server? Though written for ISA 2000, the exact same principles apply to an ISA 2004/2006 installation.

HTH,
Stefaan

(in reply to DB Hislop)

Post #: 2

RE: Allow Cisco VPN Client pass through (IPSec) - 20.May2007 2:29:51 AM

DB Hislop

Posts: 7
Joined: 10.Oct.2005
Status: offline

Hi Spouseele,

Thanks for your reply. I have read this article, and have put everything from what I can see in place, however I'm still having no luck still. The worst part is that it appears that the rule is working. I see a entry in the ISA logs with a successful connection on port 500, yet it is still timing out on the client. After this message there is no other related entry's in the logs.

Have you got any ideas how to check traffic to try and identify where the problem is occurring?

Regards

Dean

(in reply to spouseele)

Post #: 3

RE: Allow Cisco VPN Client pass through (IPSec) - 20.May2007 11:04:40 AM

spouseele

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Dean,

from your description it sounds that the IKE negotiation is stuck somewhere in phase 1. In other words it sounds to be more a Cisco than an ISA problem.

I suggest you thoroughly read the related topic http://forums.isaserver.org/m_130199300/tm.htm mentioned in section '5.2. Cisco' of my article. This should give you some clue about the exact problem by analyzing the Cisco log files.

HTH,
Stefaan

< Message edited by spouseele -- 20.May2007 1:05:56 PM >

(in reply to DB Hislop)

Post #: 4