• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Cannot connect to IPSEC VPN Server behind NAT (NAT-T)

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> ISA 2004 SBS >> Cannot connect to IPSEC VPN Server behind NAT (NAT-T) Page: [1]
Login
Message << Older Topic   Newer Topic >>
Cannot connect to IPSEC VPN Server behind NAT (NAT-T) - 18.Jan.2008 10:33:48 AM   
colombo

 

Posts: 2
Joined: 18.Jan.2008
Status: offline 		Hi All,

I have a Windows Small Business Server 2003 SP1 environment. The server has two network interface. One for the local network clients, one for the public network so that our local clients connect to the external network via SBS 2003 ISA nat.
My problem is that I couldn't connect to an external IPSEC based VPN server from the local network behind the SBS ISA server.

I read the relevant articles, forum posts, and I have already created the necessary firewall rules on the ISA what the articles write about the NAT-T and IPSEC passthrough.

For example this:
http://www.redline-software.com/eng/support/articles/isaserver/general/how_to_pass_ipsec_traffic_through_isa_server.php

But I cannot connect.
I tried to create to this host "All outbound connection" access rule, but the result was the same.

In the ISA monitor I didn't see the denied traffic.

The VPN client program is the Checkpoint Secure Client and I set the "use NAT traversal tunneling" option.

From my home network (also behind router) I can connect to this VPN with the same options.

Could anybody help me to solve this problem? And do you have any idea at least how can I monitor the denied connection details?

Thanks in advance,

Kind regards,

Peter
Post #: 1
RE: Cannot connect to IPSEC VPN Server behind NAT (NAT-T) - 30.Jan.2009 4:41:58 AM   
OcDevil

 

Posts: 2
Joined: 9.May2005
From: Denmark
Status: offline 		Hi Colombo,

I am experiencing the same problem with my MS TMG. I am unable to connect to a Cisco VPN Concentrator using IPSec/UDP NAT-T if I connect using IPSec/TCP I have no problems.

I have managed to locate this article at the Forefront TMG Product Team blog:

http://blogs.technet.com/isablog/archive/2008/12/09/exception-list-script-for-isa-server-and-forefront-tmg-udp-updates.aspx

But it doesn't seem to work, or perhaps I am doing something wrong? Maybe You could give it a go?

(in reply to colombo)
Post #: 2
RE: Cannot connect to IPSEC VPN Server behind NAT (NAT-T) - 30.Jan.2009 5:47:32 AM   
colombo

 

Posts: 2
Joined: 18.Jan.2008
Status: offline 		Hi,

Unfortunately I cannot provide you any news about this thread.

Peter

(in reply to OcDevil)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> ISA 2004 SBS >> Cannot connect to IPSEC VPN Server behind NAT (NAT-T) Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts