Hi Zsolt, IKE is UDP 500 IETF NAT-T is UDP 4500 L2TP/IPSec uses UDP 1701 for the control channel The TCP rules are not required. Is there a NAT relationship between the Internal and the DMZ between the Zywall and the ISA firewall? Is the default gateway on the ISA firewall set to the LAN interface of the Zywall? Thanks! Tom www.isaserver.org/shinder <http://www.isaserver.org/shinder> Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Aranyi Zsolt [mailto:aranyi.zsolt@xxxxxxxxxxxxxxxxxx] Sent: Monday, April 11, 2005 7:00 AM To: [ISAserver.org Discussion List] Subject: [isalist] ISA2004 behind Zywall 70: VPN pass-through http://www.ISAserver.org Hi Everybody, We have just bought a Zywall 70 firewall for our company. We have a network layout as follows: Internet->Zywall70->ISA2004->Internal network For some reasons we want the ISA2004 server to be the VPN server for our braches, though the Zywall is capable of it too. We have tried to get Zywall70 to pass through VPN connections. These steps we made: -deleted all VPN Rules on Zywall -created port forwarding rules for ports 500, 4500, 1701 to the External IP address of ISA2004 -created WAN2LAN firewall rule from any source to ISA2004 external IP address for ports IKE(UDP:500), TCP/UDP:4500, TCP/UDP:1701 -created WAN2WAN/ZYWALL firewall rule from any source to our public external IP address for ports IKE(UDP:500), TCP/UDP:4500, TCP/UDP:1701 That's all we could get from Internet mailing lists and other sources. Could you please help us to configure the Zywall 70 equipment for us to be able to create VPN connections to our ISA2004 server? Thank you in advance, Zsolt Aranyi ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx