RE: IPSEC Pass-through

  • From: "Bradley C. Mitchell" <bmitchell@xxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 28 Oct 2004 12:07:31 -0400

Tom,

 

I have not read this completely through but would this be a solution?

 

Just found via Google

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/ipsectunnelmo
devpn.mspx

 

 

Brad

 

________________________________

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Thursday, October 28, 2004 11:35 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IPSEC Pass-through

 

http://www.ISAserver.org

Hi Bradley,

 

Outbound UDP 500 is fine, as that's required for IKE. However, many of
the NAT-T kludges require that the source port also be 500. No good, not
standard, and patently unfair to their customers to break
interoperability with IETF compliant VPN servers.

 

HTH,

Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder> 
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls

 

 

________________________________

From: Bradley C. Mitchell [mailto:bmitchell@xxxxxxxxxx] 
Sent: Thursday, October 28, 2004 10:25 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IPSEC Pass-through

http://www.ISAserver.org

Tom,

 

100% correct, UDP is 500

 

 

Brad

 

________________________________

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Thursday, October 28, 2004 11:16 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IPSEC Pass-through

 

http://www.ISAserver.org

Hi Bradley,

 

IIRC, the Linksys NAT-T kludge is NOT IETF compliant. I.e. -- they're
locking you into their proprietary solution. Bet you a nickle their
kludge requires the source port be UDP 500. 

 

The ISA firewall (and Win2k and Win2003) is IETF and RFC compliant.
Might want to give Cisco a call on this (they own Linksys now).

 

HTH,

 

Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder> 
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls

 

 

________________________________

From: Bradley C. Mitchell [mailto:bmitchell@xxxxxxxxxx] 
Sent: Thursday, October 28, 2004 10:10 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] IPSEC Pass-through

http://www.ISAserver.org

Greetings,

 

I have one machine that is behind ISA 2004, that has to connect to a
linksys vpn router.  I have read several post and articles but have yet
to been able to get pass phase 1.  Can this be done?

 

 

Thanks

 

Brad

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bmitchell@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bmitchell@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 10-2004