RE: Publish VPN server - revisited

  • From: "Crockett, Gregory" <Gregory.Crockett@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 5 Oct 2005 12:21:06 -0500

Tom,

 

Thanks for the info.  I read and tried these articles:  "Configuring
Remote Access VPN Servers in a Back to Back ISA Firewall Configuration".
The beginning sounded like what I need.  However, I am not running a
back end ISA server.  I also found an article for ISA 2000 -
"Configuring Windows Server 2003-based ISA Server Firewall/VPN Server to
Accept inbound NAT-T L2TP/IPSec Calls".   The VPN server is a
non-Windows based appliance using a shared key - no certificates.  The
Microsoft paper "Publishing a VPN Server in ISA Server 2004" stated that
L2TP over IPSec using NAT-T must be Windows Server 2003 based.

 

This VPN server's default gateway is that of a Win 2003 server/RRAS --
this server is without ISA.  Should I change its network to that of the
ISA Internal network and not on an internal network?

 

greg

 

________________________________

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Wednesday, October 05, 2005 8:27 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publish VPN server - revisited

 

http://www.ISAserver.org

Hi Gregory,

 

There's an article on the www.isaserver.org site on how to publish NAT-T
L2TP/IPSec VPN servers. I do it all the time, along with user
certificate authentication for the EAP user auth.

 

Tom

 

Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls

 

         

        
________________________________


        From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] 
        Sent: Wednesday, October 05, 2005 8:19 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Publish VPN server - revisited

        Change NAT-T server and client to IPSec NAT-T server and client.

         

        
________________________________


        From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] 
        Sent: Wednesday, October 05, 2005 8:18 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] Publish VPN server - revisited

         

        ISA 2004:

         

        I have a VPN server sitting behind Windows 2003/RRAS (network
        behind a network) -- the Win 2003 is SNAT with the ISA 2004.
        Internally, the device, wireless remote access point (RAP), attaches to
        the VPN server routing through ISA with no problems.  ISA's logging
        displays NAT-T client (4500/UDP - send receive) as the protocol used.
        How can I publish this VPN server/protocol to the Internet?  The VPN
        server sees the Internet based RAP - I determined this by pinging the
        RAP from the VPN server while they are negotiating.  Their negotiation
        never comes to fruition.  The RAP just reboots and keeps trying.  Now,
        this published rule to the Internet uses (NAT-T server receive send)
        protocol - not the (receive send) as seen internally.

         

         

        TIA

         

        greg

         

         

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Visit TechGenix.com for more information about our other sites:
        http://www.techgenix.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: gregory.crockett@xxxxxxxxx
        To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        Report abuse to listadmin@xxxxxxxxxxxxx 
