RE: more Cisco VPN..

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 28 Feb 2006 20:29:14 -0600

Hi Scott,
The client's dedicated interface has to be on a differenet network ID
than the IP address assigned to the VPN client.

HTH,
Tom 


Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Talley, Scott [mailto:stalley@xxxxxxxxxxxxxxxxx] 
Sent: Tuesday, February 28, 2006 8:22 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] more Cisco VPN..

http://www.ISAserver.org

Hello all,  I'm having the classic issue of Cisco VPN client out from
behind ISA2kSP2/Win03SP1.  Can connect to the remote Cisco VPN gadget,
acquire a dhcp address, then nothing.  Can't even ping a host on the
remote network.  Cisco client shows keep-alive traffic flowing outbound,
but nothing inbound.

I've carefully checked my config, allowing UDP 500/4500/10000/20000 s/r
according to Stephans excellent docs and kb812076, my client machines
are SNAT.  I've verified that they have IPsec over UDP nat/pat engaged
on the gizmo and are using the standard udp 4500 port for encapsulation.
I don't see any any denied connections in the logs.

Now here's the craziest part:  Their network guys are telling me that
because I use a 10.10.10.x network and they use a 10.10.x.x network,
that routing is impossible.  Now I'm obviously no networking wizard, but
can anyone throw me some ammo?

Thank you,

Scott Talley
IT Manager, The Combined Group
e> stalley@xxxxxxxxxxxxxxxxx
p> 469.892.9829
f> 469.892.9710

NOTICE: This e mail (including attachments) is covered by the Electronic
Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may
be legally privileged. If you are not the intended recipient, you are
hereby notified that any retention, dissemination, distribution or
copying of this communication is strictly prohibited. Please reply to
the sender that you have received the message in error, then delete.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » more Cisco VPN..
• » RE: more Cisco VPN..
• » RE: more Cisco VPN..
• » RE: more Cisco VPN..

1. Home
2. isalist
3. Archive
4. 02-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---