Several users within our organisation require access to a secure network through the use of a Cisco VPN client. I am trying to figure out exactly how to allow this traffic to pass through ISA 2006.
I have had a look at an article on this site about IPSec pass-through, and have followed it as best I can. With this Cisco VPN there are several other ports that need to be opened, which I have created, but I am still having no luck. The worst part is I can't even see where it is being blocked (logs are showing nothing unusual). I have ensured the client machine is not causing this issue, so I was hoping someone could break down the steps in layman's terms so I can double-check my configuration.
By the way, this is an Edge firewall, in a single ISA server array.
Thanks for your reply. I have read this article, and have put everything in place from what I can see; however, I'm still having no luck. The worst part is that it appears that the rule is working. I see an entry in the ISA logs with a successful connection on port 500, yet it is still timing out on the client. After this message there are no other related entries in the logs.
Have you got any ideas how to check traffic to try and identify where the problem is occurring?
From your description it sounds like the IKE negotiation is stuck somewhere in phase 1. In other words, it sounds more like a Cisco than an ISA problem.
I suggest you thoroughly read the related topic http://forums.isaserver.org/m_130199300/tm.htm mentioned in section '5.2. Cisco' of my article. This should give you some clue about the exact problem by analyzing the Cisco log files.
HTH, Stefaan
< Message edited by spouseele -- 20.May2007 1:05:56 PM >