I guess I should also add that the Cisco SSL VPN sludgeware also installs a local host proxy listener. > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Wednesday, October 19, 2005 8:52 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Cisco SSL VPN client > > http://www.ISAserver.org > > Hey folks, > > Anyone have any experience with the Cisco SSL VPN client > connecting to a > Cisco VPN server when the client is behind an ISA firewall > and the Cisco > SSL VPN server is behind god knows what? > > From the tests of done so far: > > =========================== > Web proxy client ONLY configuration does NOT work > > Firewall client ONLY configuration does NOT work > > Web proxy AND Firewall client configuration does NOT work > > Web proxy and SecureNAT configuration DOES work > > Firewall client and SecureNAT configuration DOES work > > Firewall client, Web proxy client and SecureNAT client configuration > DOES work > =========================== > > The Web proxy log file shows SSL connection failed with a 995 > reported. > The Firewall client doesn't even intercept the request, at least from > what I see in the Sessions tab of the console > > An example of what happens with the Web proxy filter connection is the > line below: > Original Client IP Authenticated Client Service Server Name > Referring Server Destination Host Name MIME Type Object > Source Source Proxy Destination Proxy > Bidirectional Client > Host Name Network Interface Raw IP Header Raw Payload > Source Port Processing Time Bytes Sent Bytes Received Cache > Information Log Time Client IP Destination IP > Transport Destination Port Protocol Action Rule > Client Username URL Source Network Destination > Network HTTP > Method Filter Information Error Information > Result Code > Log Record Type Client Agent HTTP Status Code > 0.0.0.0 No Proxy CELESTIX-H5L4CS webvpn.fsba.com > Internet - - - - - - > 0 0 105978 1464 0x0 10/19/2005 7:25:58 PM > 192.168.1.71 216.226.999.999 TCP 443 SSL-tunnel Failed > Connection Attempt All Open Servers anonymous > webvpn.noneya.com:443 Internal External > 0x9 Web Proxy Filter Mozilla/4.0 (compatible; MSIE > 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 995 > ============================== > > Firewall policy is All Open from source to destination network. > Web proxy filter is unbound from the HTTP protocol > > Hints, tips, tricks, guesses or anything appreciated. > > > > Thomas W Shinder, M.D. > Site: www.isaserver.org <http://www.isaserver.org/> > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> > MVP -- ISA Firewalls > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >