CISCO VPN Client through MS ISA
#1
Scooby Regular
Thread Starter
Join Date: Apr 2002
Location: Warwickshire, UK
Posts: 1,185
This is driving me nuts.
I can use a CISCO VPN Client to connect to a VPN server and then TS/RDC to a machine. This is from a server directly connected to the Internet.
Ideally I need to do this from a desktop that gets out onto the Internet via MS ISA Server. Problem seems to be with the coexistence of the CISCO client installed on a desktop with an ISA client. I have tried all sorts of options and have added appropriate ports to the ISA firewall settings.
Anyone got any experience of this? Driving me mad.
Cheers
Matt
#2
Scooby Regular
Matt,
Is the desktop you're trying to run the VPN client on using NAT behind the ISA server?
I've had loads of VPN troubleshooting to do recently on Linux-based VPN using NetScreen-Remote VPN client, so not your setup.
I can VPN LAN-LAN with VPN gateways either side. I can VPN to either LAN using a laptop and a direct net connection, but I can't VPN from a LAN desktop to a remote VPN LAN when using NAT. It's down to the Masquerade/NAT and I haven't found a solution (if one exists). The only possibility I can think of is port-forwarding of ALL the VPN ports.
Your desktop machine will be seen as the public IP address of your ISA by the remote VPN gateway. It will send all packets to that IP address. The ISA server must then forward these all onto the internal IP address of your desktop.
This will only work with 1 desktop, so if you've got more then you're really needing a VPN gateway.
Stefan
#4
Scooby Regular
Thread Starter
I made my desktop a SecureNAT client (i.e. the ISA internal NIC IP is set as the Default Gateway on my desktop NIC). I do not have any Proxy settings set for my Internet Options. I have removed the Firewall Client.
On the ISA I have set up Send and Receive for UDP Ports 500, 4500 and 10000. BTW also installed SPK1. Don't know if that helped?
The VPN Client now connects! Yippeeee.
Next job is to get this result whilst using the FWC on the desktop as I need that for other things. Never satisfied
BTW Note: IPSec over TCP won't work through ISA so you have to do UDP! Also make sure the CISCO end is set up for NAT-T.
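An added example, not part of the thread: a small Python classifier for UDP payloads seen at the firewall on the three ports opened above, useful for confirming from a packet capture that IKE and NAT-T traffic are actually passing. The port 4500 handling follows RFC 3948 (non-ESP marker, NAT keepalive, UDP-encapsulated ESP). Treating UDP 10000 as the Cisco client's IPsec-over-UDP port is an assumption, and the sample payloads are constructed.

```python
import struct

# UDP ports the thread opened on the ISA server. Treating 10000 as the Cisco
# client's IPsec-over-UDP port is an assumption; its payload is not parsed here.
IKE_PORT, NATT_PORT, CISCO_UDP_PORT = 500, 4500, 10000

def parse_ike_header(data):
    """Parse the fixed 28-byte ISAKMP/IKE header; None if truncated."""
    if len(data) < 28:
        return None
    init_spi, _resp_spi, _next, version, exchange, _flags, _msg_id, length = \
        struct.unpack("!8s8sBBBBII", data[:28])
    return {"initiator_spi": init_spi.hex(),
            "version": f"{version >> 4}.{version & 0x0F}",
            "exchange_type": exchange, "length": length}

def classify(dst_port, payload):
    """Return (kind, details) for one UDP payload seen at the firewall."""
    if dst_port == IKE_PORT:
        hdr = parse_ike_header(payload)
        return ("ike", hdr) if hdr else ("malformed", None)
    if dst_port == NATT_PORT:
        if payload == b"\xff":                    # NAT keepalive (RFC 3948)
            return ("nat-keepalive", None)
        if payload[:4] == b"\x00" * 4:            # non-ESP marker, IKE follows
            hdr = parse_ike_header(payload[4:])
            return ("ike-natt", hdr) if hdr else ("malformed", None)
        if len(payload) >= 8:                     # UDP-encapsulated ESP
            spi, seq = struct.unpack("!II", payload[:8])
            return ("esp-in-udp", {"spi": f"{spi:#010x}", "seq": seq})
        return ("malformed", None)
    if dst_port == CISCO_UDP_PORT:
        return ("cisco-ipsec-over-udp", None)
    return ("other", None)

# Constructed sample payloads (not captured traffic).
SAMPLE_IKE = (bytes.fromhex("1122334455667788") + bytes(8)
              + bytes([1, 0x10, 4, 0]) + struct.pack("!II", 0, 28))
SAMPLE_ESP = struct.pack("!II", 0xDEADBEEF, 1) + bytes(16)

if __name__ == "__main__":
    for port, data in [(500, SAMPLE_IKE), (4500, b"\x00" * 4 + SAMPLE_IKE),
                       (4500, SAMPLE_ESP), (4500, b"\xff"), (10000, b"\x01")]:
        print(port, *classify(port, data))
```

Seeing only "ike" on port 500 and never "ike-natt" or "esp-in-udp" on 4500 suggests NAT-T was not negotiated, which matches the thread's advice to check the Cisco end.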