Looking for a work around- IPSEC client thru ISA

  • From: "Greg Foulks" <greg.foulks@xxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 22 Mar 2002 12:26:07 -0500

A customer of ours recently incorporated a VPN solution for it's employee's and 
contractors. This solution is from Nortel.

They sent me a CD which has a VPN client that I've installed on my Win2k Pro 
box. This client says that it is using IPSEC and I've
got a SecurID Token that I use in conjunction with my username and pin.


I'm sitting behind an ISA server that acts as my "gateway" for all internal 
clients.


I've read that ISA (NAT) does not like IPSEC or rather IPSEC does not like 
connections coming from NAT'd systems.


So as you can see we are unable to connect to our clients VPN server from 
behind our ISA server. The only way that I've been able to
get by is by installing another NIC into my machine and assigning it a public 
IP address and setting the gateway to our external
router. I've put a little firewall (BlackIce) on my PC so that when I 
disconnect my internal lan and enable my external connection
I'm not just sitting out in the public network naked.

If I have to do this as a solution I guess it is fine but another scenario has 
come up.


I might need to VPN into my office PC from home connecting through my ISA 
server (Which servers as my VPN server for the office)
connect to my computer using PCAnywhere and then would need to connect to said 
customer. Obviously this can't be done because as
soon as I disable my local lan I'll be dropped by my work pc.


Am I the only one who needs to connect to a IPSEC VPN server through ISA? Does 
anyone have a suitable workaround other than a dual
NIC configuration?

Thanks in advance for all that respond!

Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: greg.foulks@xxxxxxxx
Voice: 614.318.5036
Fax: 614.318.5005



Other related posts: