RE: ISA2004 behind Zywall 70: VPN pass-through

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 11 Apr 2005 07:27:32 -0500

Hi Zsolt,
 
IKE is UDP 500
IETF NAT-T is UDP 4500
L2TP/IPSec uses UDP 1701 for the control channel
 
The TCP rules are not required.
 
Is there a NAT relationship between the Internal and the DMZ between the
Zywall and the ISA firewall?
 
Is the default gateway on the ISA firewall set to the LAN interface of
the Zywall?
 
Thanks!
Tom
http://www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

________________________________

From: Aranyi Zsolt [mailto:aranyi.zsolt@xxxxxxxxxxxxxxxxxx] 
Sent: Monday, April 11, 2005 7:00 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA2004 behind Zywall 70: VPN pass-through



Hi Everybody,
 
We have just bought a Zywall 70 firewall for our company. We have a
network layout as follows:
 
Internet->Zywall70->ISA2004->Internal network
 
For some reasons we want the ISA2004 server to be the VPN server for our
branches, though the Zywall is capable of it too.
 
We have tried to get Zywall70 to pass through VPN connections. These are
the steps we took:
 
-deleted all VPN Rules on Zywall
-created port forwarding rules for ports 500, 4500, 1701 to the External
IP address of ISA2004
-created WAN2LAN firewall rule from any source to ISA2004 external IP
address for ports IKE(UDP:500), TCP/UDP:4500, TCP/UDP:1701
-created WAN2WAN/ZYWALL firewall rule from any source to our public
external IP address for ports IKE(UDP:500), TCP/UDP:4500, TCP/UDP:1701
 
That's all we could get from Internet mailing lists and other sources.
 
Could you please help us to configure the Zywall 70 equipment for us to
be able to create VPN connections to our ISA2004 server?
 
Thank you in advance,
 
Zsolt Aranyi
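
When troubleshooting a pass-through like the one discussed in this thread, it helps to label what actually arrives on UDP 500, 4500 and 1701 in a capture taken behind the forwarding device. The following is an added example, not code from the thread or from either product; the framing details (RFC 3948 non-ESP marker and keepalive byte, the 28-byte ISAKMP header, the L2TP flag word) and all function names are assumptions of the example, and the sample datagrams are constructed.

```python
import struct

IKE_PORT, NATT_PORT, L2TP_PORT = 500, 4500, 1701   # the three UDP ports listed in the reply
NON_ESP_MARKER = b"\x00" * 4                        # RFC 3948: prefixes IKE on UDP 4500
IKEV1_EXCHANGES = {2: "main mode", 4: "aggressive mode", 5: "informational", 32: "quick mode"}
IKE_HDR = struct.Struct("!8s8sBBBBII")              # 28-byte ISAKMP header

def parse_ike(data):
    """Summarise an ISAKMP header, or return None if the bytes are not plausible IKE."""
    if len(data) < IKE_HDR.size:
        return None
    init_spi, _resp, _next, version, exch, _flags, _msgid, length = IKE_HDR.unpack_from(data)
    if length != len(data) or init_spi == b"\x00" * 8:
        return None
    major = version >> 4
    label = IKEV1_EXCHANGES.get(exch) if major == 1 else None
    return "IKEv%d %s" % (major, label or "exchange %d" % exch)

def classify(proto, dst_port, payload):
    """Label one datagram by protocol, destination port and payload."""
    if proto != "udp":
        return "TCP: not used by IKE, NAT-T or L2TP/IPsec"
    if dst_port == IKE_PORT:
        return parse_ike(payload) or "UDP 500 but not IKE"
    if dst_port == NATT_PORT:
        if payload == b"\xff":
            return "NAT-T keepalive"
        if payload[:4] == NON_ESP_MARKER:
            ike = parse_ike(payload[4:])
            return "NAT-T " + ike if ike else "NAT-T malformed IKE"
        if len(payload) >= 8:
            return "ESP-in-UDP, SPI 0x%08x" % struct.unpack_from("!I", payload)[0]
        return "UDP 4500 runt"
    if dst_port == L2TP_PORT and len(payload) >= 2:
        flags = struct.unpack_from("!H", payload)[0]
        if flags & 0x000F == 2:                     # L2TP version 2
            return "L2TP control message" if flags & 0x8000 else "L2TP data message"
    return "unrelated"

def sample_ike(exch, body=b""):
    """Build a constructed IKEv1 message for the demo (not a real capture)."""
    return IKE_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, 0x10, exch, 0, 0, 28 + len(body)) + body

if __name__ == "__main__":
    samples = [("udp", 500, sample_ike(2)), ("udp", 4500, NON_ESP_MARKER + sample_ike(32)),
               ("udp", 4500, b"\xff"), ("udp", 4500, bytes.fromhex("c0ffee0100000001") + b"\0" * 16),
               ("udp", 1701, bytes.fromhex("c802001400000000")), ("tcp", 1701, b"")]
    for proto, port, data in samples:
        print("%s/%d: %s" % (proto, port, classify(proto, port, data)))
```
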