RE: Issue on ISA-ISA gateway VPN with PIX in-between.

  • From: Christian.Schramm@xxxxxxxxxxxxxx
  • To: isalist@xxxxxxxxxxxxx
  • Date: Thu, 22 May 2003 08:54:27 +0200

PIX firewalls often have some "application filter" to prevent malformed
packets from being passed. These are often called "fix-up protocols"... Try to
disable this for your needed protocols...
 
Greets...

-----Original Message-----
From: Grefenp Berchmann C Sodusta [mailto:grefenp@xxxxxxxxxxx] 
Sent: Wednesday, 21 May 2003 22:09
To: [ISAserver.org Discussion List]
Subject: [isalist] Issue on ISA-ISA gateway VPN with PIX in-between.


Hello All,

I'm setting up a gateway-gateway connection with a PIX firewall in-between.
Both ISA will establish a VPN connection.

RemoteLAN-------[ISA]------Internet------PIX515------[ISA]-------HeadOfficeLAN

Without the PIX firewall everything works perfectly, both PPTP and
L2TP/IPSec connections. When the PIX is there L2TP/IPSec gets an error "The
L2TP connection attempt failed because security policy for the connection
was not found.". I have opened all IP (UDP, TCP, GRE) ports and ICMP at the
PIX, still this error appears. Right now only PPTP works. I have run
IPSECMON command, if PIX is there no entries can be found in it, without the
PIX, L2TP/IPSec connects and an entry is there (IPSECMON). I have disabled
filtering of IP fragments on both ISA servers. This error is also the same
case as when a Windows 2000 Pro tries to log in to the HeadOfficeLAN using
L2TP/IPSec, but using PPTP everything's OK.

I've been trying to solve this problem for a week now; any information
is greatly appreciated.

Regards,
Grefenp