RE: CISCO IPSec VPN
- From: "Rafael Rodrigues - nTime" <rafael.rodrigues@xxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 9 Nov 2005 14:06:47 -0300
But it's network must be 10.21.90.144/30. I cannot change my internal
network (192.168.10.0/24) to be a /30!
This VPN it's closed with a partner. My partner has a firewall-1 and his
maked this VPN using a /30. At firewall-1 he adds a interface using this
network, and configurei fase I to connect using his external IP (internet
IP) and fase II using 10.21.90.145/30.
So, the guy from Cisco VPN server and my partner (from firewall-1) told me
this king of situation its commom. Any large companies ho want give access
to some internal network to a vendor, to protect his network, the company
estabilish these king of rules.
What I don?t understain, why firewall-1, cisco, Linux with a OpenSwan and
othe kind of site to site VPN can make this VPN and ISA Server 2004 cant!
Thanks!
Rafael Rodrigues.
-----Mensagem original-----
De: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Enviada em: quarta-feira, 9 de novembro de 2005 12:26
Para: [ISAserver.org Discussion List]
Assunto: [isalist] RE: CISCO IPSec VPN
http://www.ISAserver.org
Two different questions.
One is IPSec-specific (configurable in the ISA UI).
Another is a basic network routing question and one end or the other will
have to change their internal structure; little guy loses.
-----Original Message-----
From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx]
Sent: Wednesday, November 09, 2005 3:15 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: CISCO IPSec VPN
http://www.ISAserver.org
Actually, he has to setup a VPN with a Cisco device using a specific IP
address space for his internal network that the other endpoint provided.
Example:
His internal network is 192.168.10.x (configured in ISA Server's internal
network object) The VPN router admin said that his network must be
10.95.10.x
Phase I and Phase II must use DES/SHA1 with a 28800 sec lifetime. (No, the
Cisco dude won't change it)
How's he gonna configure that without having to re-address his internal
network?
Tiago de Aviz
SoftSell - Curitiba
(41) 3340-2363
www.softsell.com.br
Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu
conteúdo é restrito ao destinatário da mensagem. Caso você tenha recebido
esta mensagem por engano, queira por favor retorná-la ao destinatário e
apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou
disseminação desta mensagem ou parte dela é expressamente proibido. A
SoftSell não é responsável pelo conteúdo ou a veracidade desta informação.
>>> Jim@xxxxxxxxxxxx 8/11/2005 23:22 >>>
http://www.ISAserver.org
OMIGOD!!
I can't believe it either!!!
Can you please provide some details of this configuration?
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Rafael Rodrigues - nTime [mailto:rafael.rodrigues@xxxxxxxxxxxx]
Sent: Tuesday, November 08, 2005 16:43
To: [ISAserver.org Discussion List]
Subject: [isalist] CISCO IPSec VPN
http://www.ISAserver.org
I'm talking with Tiago de Aviz, and I can't belive that ISA Server
2004
CANOT make a VPN to a CISCO!!! It's right TOM? JIM?
Rafael Rodrigues.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tiago@xxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rafael.rodrigues@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
