RE: Internal Firewall 1 VPN client access VPN server through ISA Server Help

• From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 1 May 2002 16:17:49 +0200

Hi Kent,

check out
http://www.isaserver.org/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=13;t=000326
and other posts on http://www.isaserver.org/cgi-bin/Ultimatebb.cgi .

The trick is to use the UDP encapsulation feature (IPSec NAT traversal)
between the Secure Remote client and the Checkpoint.

HTH,
Stefaan

-----Original Message-----
From: Kent G [mailto:kent.goldfinch@xxxxxxxxxxxxxx]
Sent: woensdag 1 mei 2002 7:07
To: [ISAserver.org Discussion List]
Subject: [isalist] Internal Firewall 1 VPN client access VPN server
through ISA Server Help


http://www.ISAserver.org


My customer has a Firewall 1 VPN client installed on a Windows 2000 Server
Sp2 in the internal (LAN) network that must connect to a Firewall 1 VPN
server in another LAN and country. We are using ISA as web cache and
firewalling. This ISA server naturally lies between the internal client
and the Internet/VPN server.

I have been advised to open some ports for in/outbound traffic.
For outbound I attempted to grant access via protocol rules but found only
TCP and UDP protocols can be used. Problem when we must enable protocol 50
& 94.

I have configured IP packet filtering as if anyone requires to know how
ISA serve is configured:

Protocol=TCP tcp Direction=Both, Local Port=Dynamic, Remote Port= 256
Protocol=UDP Directio=Send Receive, Local Port=Dynamic, Remote Port= 259
Protocol=UDP Directio=Send Receive, Local Port=Dynamic, Remote Port= 500
Protocol=94 Directio=Both, Local Port=N/A, Remote Port= N/A
Protocol=50 Directio=Both, Local Port=N/A, Remote Port= N/A

I have noticed some articles that mentioned there are issues with IPSec
through ISA. IS THIS CORRECT.
Also, are these the correct ports,method, and settings to open these
ports????

Any help would be greatly appreciated.

KENT

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
stefaan.pouseele@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Internal Firewall 1 VPN client access VPN server through ISA Server Help
• » RE: Internal Firewall 1 VPN client access VPN server through ISA Server Help

1. Home
2. isalist
3. Archive
4. 05-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---