RE: Publish VPN server - revisited

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 5 Oct 2005 18:09:55 -0500

Hi Greg,
 
What device are you terminating the VPN client connection at?
 
Thomas W Shinder, M.D.
Site: http://www.isaserver.org/
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 


________________________________

        From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] 
        Sent: Wednesday, October 05, 2005 12:21 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Publish VPN server - revisited
        
        
        http://www.ISAserver.org
        

        Tom,

        Thanks for the info.  I read and tried these articles:
"Configuring Remote Access VPN Servers in a Back to Back ISA Firewall
Configuration".  The beginning sounded like what I need.  However, I am
not running a back-end ISA server.  I also found an article for ISA 2000
- "Configuring Windows Server 2003-based ISA Server Firewall/VPN Server
to Accept inbound NAT-T L2TP/IPSec Calls".   The VPN server is a
non-Windows-based appliance using a shared key - no certificates.  The
Microsoft paper "Publishing a VPN Server in ISA Server 2004" stated the
L2TP over IPSec using NAT-T must be Windows Server 2003 based.

        This VPN server's default gateway is that of a Win 2003
server/RRAS -- this server is without ISA.  Should I change its network
to that of the ISA Internal network and not on an internal network?

        greg

         

        
________________________________


        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
        Sent: Wednesday, October 05, 2005 8:27 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Publish VPN server - revisited

         


        Hi Gregory,

         

        There's an article on the www.isaserver.org site on how to
publish NAT-T L2TP/IPSec VPN servers. I do it all the time, along with
user certificate authentication for the EAP user auth.

         

        Tom

         

        Thomas W Shinder, M.D.
        Site: http://www.isaserver.org/
        Blog: http://spaces.msn.com/members/drisa/
        Book: http://tinyurl.com/3xqb7
        MVP -- ISA Firewalls

         

                 

                
________________________________


                From: Crockett, Gregory
[mailto:Gregory.Crockett@xxxxxxxxx] 
                Sent: Wednesday, October 05, 2005 8:19 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Publish VPN server - revisited


                Change NAT-T server and client to IPSec NAT-T server and
client.

                 

                
________________________________


                From: Crockett, Gregory
[mailto:Gregory.Crockett@xxxxxxxxx] 
                Sent: Wednesday, October 05, 2005 8:18 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] Publish VPN server - revisited

                 


                ISA 2004:

                I have a VPN server sitting behind Windows 2003/RRAS
(network behind a network) -- the Win 2003 is SNAT with the ISA 2004.
Internally, the device, a wireless remote access point (RAP), attaches to
the VPN server routing through ISA with no problems.  ISA's logging
displays NAT-T client (4500/UDP - send receive) as the protocol used.
How can I publish this VPN server/protocol to the Internet?  The VPN
server sees the Internet-based RAP - I determined this by pinging the
RAP from the VPN server while they are negotiating.  Their negotiation
never comes to fruition.  The RAP just reboots and keeps trying.  Now,
this published rule to the Internet uses the (NAT-T server receive send)
protocol - not the (send receive) one seen internally.

                TIA

                greg
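Added example, not from any poster in this thread and not ISA Server's own code: a small Python script that classifies the UDP datagrams of an L2TP/IPsec NAT-T session the way a firewall log would (IKE on UDP/500; on UDP/4500, an IKE message carries the four-zero-byte non-ESP marker from RFC 3948 while ESP-in-UDP starts with the ESP SPI, and a single 0xFF byte is a NAT keepalive) and then checks that the published VPN server saw both directions of each flow. The addresses, the flow records and the ISAKMP headers are constructed for the example; the "send receive" and "receive send" wording in the posts is ISA's way of naming the direction of a protocol definition, and a flow that shows up only in one direction, as in the second sample session below, is the symptom to look for when the publishing rule's direction does not match the traffic. The classifier goes slightly beyond the thread by also recognising ESP-in-UDP and keepalives on port 4500.

```python
"""Classify the UDP datagrams of an L2TP/IPsec NAT-T session and check
that the published VPN server saw both directions of every flow.

Added example, not code from the thread or from ISA Server. Addresses,
flow records and IKE headers below are constructed for illustration.
"""
import struct

# RFC 3948: on UDP/4500 an IKE message is prefixed with four zero bytes (the
# "non-ESP marker"); ESP-in-UDP starts directly with the ESP SPI, which is
# never zero. A one-byte 0xFF datagram is a NAT-keepalive.
NON_ESP_MARKER = b"\x00\x00\x00\x00"
NAT_KEEPALIVE = b"\xff"


def classify_udp_payload(service_port, payload):
    """Return 'ike', 'esp', 'nat-keepalive' or 'other' for one datagram.

    service_port is the well-known port of the flow (500 or 4500): the
    destination port on the way to the VPN server and the source port of
    the server's replies.
    """
    if service_port == 500:
        return "ike"
    if service_port == 4500:
        if payload == NAT_KEEPALIVE:
            return "nat-keepalive"
        if payload[:4] == NON_ESP_MARKER:
            return "ike"
        return "esp"
    return "other"


def check_nat_t_flows(records, vpn_server, required_ports=(500, 4500)):
    """records: iterable of (src_ip, src_port, dst_ip, dst_port, payload).

    Returns the set of (port, direction) pairs the VPN server never saw;
    an empty set means IKE and NAT-T traffic crossed in both directions.
    """
    seen = set()
    for src, sport, dst, dport, payload in records:
        if dst == vpn_server:
            direction, service_port = "inbound", dport
        elif src == vpn_server:
            direction, service_port = "outbound", sport
        else:
            continue  # not a flow of the published server
        if classify_udp_payload(service_port, payload) == "other":
            continue
        seen.add((service_port, direction))
    required = {(p, d) for p in required_ports for d in ("inbound", "outbound")}
    return required - seen


def ike_v1_header(init_cookie, resp_cookie, exchange_type, msg_id=0):
    """Build a 28-byte ISAKMP header (IKEv1, as used by L2TP/IPsec).
    Constructed for the example; no payloads follow it."""
    next_payload, version, flags, length = 0, 0x10, 0, 28
    return struct.pack(">8s8sBBBBII", init_cookie, resp_cookie,
                       next_payload, version, exchange_type, flags,
                       msg_id, length)


# Constructed sample: a client behind NAT negotiating with the published server.
CLIENT, SERVER = "203.0.113.10", "192.0.2.20"   # documentation addresses
COOKIE_I, COOKIE_R = b"\x11" * 8, b"\x22" * 8
MAIN_MODE = 2                                    # ISAKMP Identity Protection
MM1 = ike_v1_header(COOKIE_I, b"\x00" * 8, MAIN_MODE)
MM2 = ike_v1_header(COOKIE_I, COOKIE_R, MAIN_MODE)
ESP_PKT = struct.pack(">II", 0x0ABCDEF1, 1) + b"\x00" * 16   # SPI, seq, ciphertext

HEALTHY = [
    (CLIENT, 500, SERVER, 500, MM1),
    (SERVER, 500, CLIENT, 500, MM2),
    # NAT detected during main mode: IKE moves to UDP/4500 with the marker
    (CLIENT, 4500, SERVER, 4500, NON_ESP_MARKER + MM1),
    (SERVER, 4500, CLIENT, 4500, NON_ESP_MARKER + MM2),
    (CLIENT, 4500, SERVER, 4500, ESP_PKT),
    (SERVER, 4500, CLIENT, 4500, ESP_PKT),
    (CLIENT, 4500, SERVER, 4500, NAT_KEEPALIVE),
]
# Same session, but nothing the server sends on UDP/4500 ever reaches the client
ONE_WAY = [r for r in HEALTHY if not (r[0] == SERVER and r[1] == 4500)]

if __name__ == "__main__":
    print("healthy session, missing flows:", check_nat_t_flows(HEALTHY, SERVER))
    print("one-way session, missing flows:", check_nat_t_flows(ONE_WAY, SERVER))
```

Run it against flow records pulled from the firewall log (or a capture on the VPN server's interface) with the server's address substituted for SERVER; the healthy sample returns an empty set, the one-way sample reports (4500, 'outbound') as never seen, which is where to look when a client reaches the server but the negotiation never completes.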
