RE: Cisco SSL VPN client

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 20 Oct 2005 08:10:31 -0700

From your fail/pass table, it appears that unless your client can use
ISA as the next hop, you're SOL.  Are you trying to test through the
tunnel or around it?
IIRC, the Shitsco VPN Crap installs as an LSP.

What kind of IP is "216.226.999.999"?  Is this Crapsco's idea of
"specialicity" in IP tunnels?

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Thursday, October 20, 2005 07:20
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Cisco SSL VPN client

http://www.ISAserver.org

I guess I should also add that the Cisco SSL VPN sludgeware also
installs a local host proxy listener. 

 

> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> Sent: Wednesday, October 19, 2005 8:52 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Cisco SSL VPN client
> 
> http://www.ISAserver.org
> 
> Hey folks,
> 
> Anyone have any experience with the Cisco SSL VPN client connecting to a
> Cisco VPN server when the client is behind an ISA firewall and the Cisco
> SSL VPN server is behind god knows what?
> 
> From the tests I've done so far:
> 
> ===========================
> Web proxy client ONLY configuration does NOT work 
> 
> Firewall client ONLY configuration does NOT work
> 
> Web proxy AND Firewall client configuration does NOT work
> 
> Web proxy and SecureNAT configuration DOES work
> 
> Firewall client and SecureNAT configuration DOES work
> 
> Firewall client, Web proxy client and SecureNAT client configuration
> DOES work
> ===========================
> 
> The Web proxy log file shows SSL connection failed with a 995 reported.
> The Firewall client doesn't even intercept the request, at least from
> what I see in the Sessions tab of the console.
> 
> An example of what happens with the Web proxy filter connection is the
> line below:
> Original Client IP    Authenticated Client    Service Server Name
> Referring Server      Destination Host Name   MIME Type       Object
> Source        Source Proxy    Destination Proxy       
> Bidirectional Client
> Host Name     Network Interface       Raw IP Header   Raw Payload
> Source Port   Processing Time Bytes Sent      Bytes Received  Cache
> Information   Log Time        Client IP       Destination IP
> Transport     Destination Port        Protocol        Action  Rule
> Client Username       URL     Source Network  Destination 
> Network       HTTP
> Method        Filter Information      Error Information       
> Result Code
> Log Record Type       Client Agent    HTTP Status Code
> 0.0.0.0       No      Proxy   CELESTIX-H5L4CS         webvpn.fsba.com
> Internet      -       -               -       -       -       -
> 0     0       105978  1464    0x0     10/19/2005 7:25:58 PM
> 192.168.1.71  216.226.999.999 TCP     443     SSL-tunnel      Failed
> Connection Attempt    All Open Servers        anonymous
> webvpn.noneya.com:443 Internal        External
> 0x9           Web Proxy Filter        Mozilla/4.0 (compatible; MSIE
> 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)  995 
> ==============================
> 
> Firewall policy is All Open from source to destination network.
> Web proxy filter is unbound from the HTTP protocol
> 
> Hints, tips, tricks, guesses or anything appreciated.
>  
> 
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/> 
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
> MVP -- ISA Firewalls
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
