Hi David, but if you say "it should be send only", how get the replies back? Really, I don't understand it :-( Regards, Stefaan -----Original Message----- From: David Elmquist [mailto:david@xxxxxxxxxx] Sent: donderdag 21 maart 2002 11:07 To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN to a cisco VPN server that uses ipsec http://www.ISAserver.org Hmm...my mistake again. It`s been a while, since I have seen a ISA server and I have no access to one right now. However, if the options you mention are the correct ones for UDP, I would say that it should be send only - not send/receive. I think I`d better build med e new ISA server, before I forget where I put The CD :-) David Elmquist -----Original Message----- From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxx] Sent: 21. marts 2002 09:46 To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN to a cisco VPN server that uses ipsec Hi David, sorry, but in my ISA (SP1 v122.166) for UDP protocol directions you can NOT select direction outbound. The only choices are: send/receive (equivalent of TCP outbound), receive/send (equivalent of TCP inbound), send and receive. Could you clarify your definition of outbound. Regards, STefaan -----Original Message----- From: David Elmquist [mailto:david@xxxxxxxxxx] Sent: donderdag 21 maart 2002 8:11 To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN to a cisco VPN server that uses ipsec http://www.ISAserver.org I should clarify my mixup of the terminology: The needed protocol definitions: UDP 500 outbound UDP 10000 outbound I tried the send receive mode first, but never got it to work. Can`t explain why. Some suitable protocol rule has to allow the definitions. It only works with securenat clients. Firewall clients has to be Disabled temporarily. David Elmquist -----Original Message----- From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxx] Sent: 21. marts 2002 00:37 To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN to a cisco VPN server that uses ipsec Hi David, can you post the protocol definitions and rules you have to create? I think UDP 500 send receive and UDP 10000 send receive is all you need. Correct? Regards, Stefaan -----Original Message----- From: David Elmquist [mailto:david@xxxxxxxxxx] Sent: donderdag 21 maart 2002 0:26 To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN to a cisco VPN server that uses ipsec http://www.ISAserver.org Provided that you are using the 3000 series client, it will Provide the option of UDP encapsulation. It is up to you to enable It. You do not have to create packet filters, but you do have to Define the described protocol rules and disable the firewall client. I don`t know why, though I`m sure some tweaking of the clients .ini File could fix this David Elmquist -----Original Message----- From: skip [mailto:skip@xxxxxxxxxxxxxxxxx] Sent: 20. marts 2002 23:47 To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN to a cisco VPN server that uses ipsec http://www.ISAserver.org I think If install the Cisco clients vpn software on the machine, then will it provide the udp encapsulation for me or do i have to apply filters to the isa server to allow this to go through? ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: david@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: stefaan.pouseele@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: stefaan.pouseele@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: stefaan.pouseele@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')