Thanks Jim, yeah I read the ISA and Beyond book, most of the Articles in the isaserver.org and some other material with no luck to get the checkpoint client to pass thru ISA. But at least now I know that it probably won't work. Anyways, I will just find alternative ways to connect to the check point server. Thanks Jim Sam -----Original Message----- From: Sam Chapman [mailto:adminone@xxxxxxxxxxx] On Behalf Of Administrator Sent: Wednesday, January 21, 2004 4:36 PM To: '[ISAserver.org Discussion List]' Subject: RE: [isalist] Checkpoint client Thanks Jim, yeah I read the ISA and Beyond book, most of the Articles in the isaserver.org and some other material with no luck. But I least now I know that it probably won't work anyways so I will just find alternative ways to connect to the check point server. Once again thanks for the feed back. Sam -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Tuesday, January 20, 2004 10:31 PM To: [ISAserver.org Discussion List] Subject: [isalist] Checkpoint client http://www.ISAserver.org (changing the subject for you) Many IPSec clients fail behind ANY NAT device, not just ISA. Supposedly, there is a specific version of hte Cisco VPN client that supports NAT traversal. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Tue, 20 Jan 2004 18:06:22 -0800 "Sam Chapman" <adminone@xxxxxxxxxxx> wrote: http://www.ISAserver.org Hi all, Not to change subjects or anything but it is amazing that I have yet to speak or hear from anyone that has successfully run a secure remote checkpoint client behind ISA. Rumors are ISA changes the packet header and drops all incoming communication regardless if it is destined to a firewall or a secure Nat client, and regardless of the Ip packet filters or protocol rules that one might have setup. The question here is does ISA really allow communication between a secure remote client corporate office? I have tried it myself, opening all possible ports, creating filters and protocol rules did not work. Thank you all, Sam -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Tuesday, January 20, 2004 4:18 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: UPS Worldship http://www.ISAserver.org Hi Michael, I'm getting a 403 to that site regardless of Web Proxy client config or not. Tom -----Original Message----- From: Michael Weber [mailto:mweber@xxxxxxxxxxxx] Sent: Tuesday, January 20, 2004 11:52 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: UPS Worldship http://www.ISAserver.org I am running that version, and that is the article I followed. The only other weird thing that is happening is that when I try to access https://www.uoss.ups.com/ from IE I sometimes get a 403 error, sometimes I get the login screen, and sometimes I get an internal UPS website error ("A recursive error was detected"). It seems to me that I should never get an error if I just try to access the site from a web browser. Michael Weber -----Original Message----- From: Fares Rihani (Personal) [mailto:Fares@xxxxxxxxxx] Sent: Tuesday, January 20, 2004 12:36 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: UPS Worldship http://www.ISAserver.org Michael, Make sure you are running the latest version. I have no problems running under 5.0.37. I had connection problems before upgrading so it is worth a shot. Here is the article for direct connection that I used. http://www.isaserver.org/tutorials/Configuring_Web_Proxy_Clients_for_Dir ect_Access.html Is that how you configured your setup? Fares Rihani -----Original Message----- From: Michael Weber [mailto:mweber@xxxxxxxxxxxx] Sent: Tuesday, January 20, 2004 12:40 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: UPS Worldship http://www.ISAserver.org I do have the direct connection in UPS enabled, and I have tried it with a proxy and without. With the proxy enabled, I still get the "Peer's certificate has an invalid signature" error. It just occurs after a connection to the proxy server is made. The entry in the web proxy ISA log says that it made the connection; however, it returns a 64 error code (The specified network name is no longer available). Michael Weber 192.168.0.26, anonymous, ICCTest_http/1.0, N, 1/20/2004, 12:02:26, w3proxy, <server>, -, www.uoss.ups.com, 153.2.73.100, 443, 0, 52, 1752, SSL-tunnel, TCP, -, www.uoss.ups.com:443, -, Inet, 64, 0x0, Internal access, Allow rule ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: fares@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mweber@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: adminone@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: adminone@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')