• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Allow Cisco VPN Client pass through (IPSec)

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> Allow Cisco VPN Client pass through (IPSec) Page: [1]
Login
Message << Older Topic   Newer Topic >>
Allow Cisco VPN Client pass through (IPSec) - 13.May2007 9:02:52 PM   
DB Hislop

 

Posts: 7
Joined: 10.Oct.2005
Status: offline
Hi All,

Several users within our organisation require access to a secure network through the use of a Cisco VPN client. I am trying to figure out exactly how to allow to pass  this traffic through ISA 2006.

I have had a look at an article on this site about IPSec pass through, and have followed as best as I can. With this Cisco VPN there are several other ports that need to be opened which I have created, but I am still having no luck. The worst part is I can't even see where it is being blocked (logs are showing nothing unusual). I have ensured the client machine is not causing this issue, so I was hoping someone could break down the steps in laymens so I can double check my configuration.

By the way this is an Edge firewall, in a single ISA server array.

Thanks again

Dean
Post #: 1
RE: Allow Cisco VPN Client pass through (IPSec) - 14.May2007 2:17:49 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Dean,

did you read How to pass IPSec traffic through ISA Server? Though written for ISA 2000, the exact same principles apply to an ISA 2004/2006 installation.

HTH,
Stefaan

(in reply to DB Hislop)
Post #: 2
RE: Allow Cisco VPN Client pass through (IPSec) - 20.May2007 2:29:51 AM   
DB Hislop

 

Posts: 7
Joined: 10.Oct.2005
Status: offline
Hi Spouseele,

Thanks for your reply. I have read this article, and have put everything from what I can see in place, however I'm still having no luck still. The worst part is that it appears that the rule is working. I see a entry in the ISA logs with a successful connection on port 500, yet it is still timing out on the client. After this message there is no other related entry's in the logs.

Have you got any ideas how to check traffic to try and identify where the problem is occurring?

Regards

Dean

(in reply to spouseele)
Post #: 3
RE: Allow Cisco VPN Client pass through (IPSec) - 20.May2007 11:04:40 AM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Dean,

from your description it sounds that the IKE negotiation is stuck somewhere in phase 1. In other words it sounds to be more a Cisco than an ISA problem.

I suggest you thoroughly read the related topic http://forums.isaserver.org/m_130199300/tm.htm mentioned in section '5.2. Cisco' of my article. This should give you some clue about the exact problem by analyzing the Cisco log files.

HTH,
Stefaan

< Message edited by spouseele -- 20.May2007 1:05:56 PM >

(in reply to DB Hislop)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> Installation and Planning >> Allow Cisco VPN Client pass through (IPSec) Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts