If you're terminating the VPN internally via a router make sure the internal Cisco Router is up to the latest version IOS (I think its 12.xx). This will auto negotiate NAT traversal (I think it does it by default). But to do this the router on the end must also be of the same 12.xx IOS. If you're using a VPN client on a workstation to connect through to another site then you will need to disable NAT on the firewall for TCP Ports being used for the Cisco VPN usually TCP 10000 (Not sure if ISA has the ability to do this or not). Don't need to worry about IKE (UDP 500) as the issue here is the AH on the IPsec packets being changed because of NAT. Let me know if you need more info. Tony Lyne Senior Systems Engineer Computerland Central P O Box 1470 PALMERSTON NORTH Telephone (+64) 06 3537300 Facsimile (+64) 06 3566800 Mobile (+64) 0274 720696 E-mail Tony.Lyne@xxxxxxxxxxxxxxxxxx Internet http://www.computerland.co.nz CAUTION: This e-mail message and accompanying data may contain information that is confidential and subject to privilege. If you are not the intended recipient, you are notified that any use, dissemination, distribution or copying of this message or data is prohibited. If you have received this e-mail in error, please notify me immediately and delete all material pertaining to this e-mail. Thank you. -----Original Message----- From: Stephen Rogers [mailto:stephen.rogers@xxxxxxxxxxxxxxxx] Sent: Wednesday, 26 November 2003 12:05 a.m. To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Cisco VPN Client Through ISA Server Hi, Anyone had any experience of running a Cisco VPN Client through an ISA Server. The VPN Client uses IP Sec over TCP something which I don't think that ISA can handle due to it changing the packet headers and not supporting IPSec ?? Anyone any experience of this ?? Any help would be appreciated. Thanks, Steve Stephen M. Rogers ICT Support & Development Worker Caldedale & Kirklees Careers tel : 01484 226703 fax : 01484 226725 This e-mail and any documents attached to it are confidential & intended solely for the use of the addressee(s). We apologise if you have received them in error, but would be grateful if you could destroy them & notify us immediately by return e-mail to careers@xxxxxxxxxxxxxxxx To rely on, reproduce, disseminate, disclose, modify, and/or publicise them is strictly prohibited and Calderdale & Kirklees Careers Service Ltd disclaim all responsibility & accept no liability, including in negligence, for any resulting consequences whatsoever. http://www.workabout.org.uk ******************************************************** This Weeks Sponsor SeamlessPlanet.com Register your domain name for as low as $7.75 per year! Cheaper than Godaddy..same great service! http://SeamlessPlanet.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ******************************************************** This Weeks Sponsor SeamlessPlanet.com Register your domain name for as low as $7.75 per year! Cheaper than Godaddy..same great service! http://SeamlessPlanet.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm