[windows2000] Re: Cisco VPN Client Through ISA Server
- From: "Tony Lyne" <Tony.Lyne@xxxxxxxxxxxxxxxxxx>
- To: <windows2000@xxxxxxxxxxxxx>
- Date: Wed, 26 Nov 2003 10:57:35 +1300
If you're terminating the VPN internally via a router make sure the internal
Cisco Router is up to the latest version IOS (I think its 12.xx). This will
auto negotiate NAT traversal (I think it does it by default). But to do this
the router on the end must also be of the same 12.xx IOS.
If you're using a VPN client on a workstation to connect through to another
site then you will need to disable NAT on the firewall for TCP Ports being used
for the Cisco VPN usually TCP 10000 (Not sure if ISA has the ability to do this
or not). Don't need to worry about IKE (UDP 500) as the issue here is the AH on
the IPsec packets being changed because of NAT.
Let me know if you need more info.
Tony Lyne
Senior Systems Engineer
Computerland Central
P O Box 1470
PALMERSTON NORTH
Telephone (+64) 06 3537300
Facsimile (+64) 06 3566800
Mobile (+64) 0274 720696
E-mail Tony.Lyne@xxxxxxxxxxxxxxxxxx
Internet http://www.computerland.co.nz
CAUTION: This e-mail message and accompanying data may contain information that
is confidential and subject to privilege. If you are not the intended
recipient, you are notified that any use, dissemination, distribution or
copying of this message or data is prohibited. If you have received this e-mail
in error, please notify me immediately and delete all material pertaining to
this e-mail. Thank you.
-----Original Message-----
From: Stephen Rogers [mailto:stephen.rogers@xxxxxxxxxxxxxxxx]
Sent: Wednesday, 26 November 2003 12:05 a.m.
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Cisco VPN Client Through ISA Server
Hi,
Anyone had any experience of running a Cisco VPN Client through an ISA
Server.
The VPN Client uses IP Sec over TCP something which I don't think that
ISA can handle due to it changing the packet headers and not supporting
IPSec ??
Anyone any experience of this ??
Any help would be appreciated.
Thanks,
Steve
Stephen M. Rogers
ICT Support & Development Worker
Caldedale & Kirklees Careers
tel : 01484 226703
fax : 01484 226725
This e-mail and any documents attached to it are confidential &
intended solely for the use of the addressee(s). We apologise if you
have received them in error, but would be grateful if you could destroy
them & notify us immediately by return e-mail to
careers@xxxxxxxxxxxxxxxx
To rely on, reproduce, disseminate, disclose, modify, and/or publicise
them is strictly prohibited and Calderdale & Kirklees Careers Service
Ltd disclaim all responsibility & accept no liability, including in
negligence, for any resulting consequences whatsoever.
http://www.workabout.org.uk
********************************************************
This Weeks Sponsor SeamlessPlanet.com
Register your domain name for as low as $7.75 per year!
Cheaper than Godaddy..same great service!
http://SeamlessPlanet.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.
http://thethin.net/win2000list.cfm
********************************************************
This Weeks Sponsor SeamlessPlanet.com
Register your domain name for as low as $7.75 per year!
Cheaper than Godaddy..same great service!
http://SeamlessPlanet.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.
http://thethin.net/win2000list.cfm
Other related posts:
