RE: Nortel Contivity and ISA serve

  • From: "Greg Foulks" <greg.foulks@xxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 25 Sep 2002 13:53:32 -0400

I can't stress enough that you must be using the latest software on the 
contivity server to include the latest contivity client and
you must enable NAT traversal. Since ISA uses NAT the IPSEC protocol can not by 
default traverse NAT so the contivity server must
support NAT traversal.

One other thing you may also have to setup split tunneling on the contivity 
server for NAT traversal to work. It's all in the user
manual and should explain it well enough to get you going.

Good luck

Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: greg.foulks@xxxxxxxx
Voice: 614.318.5036
Fax: 614.318.5005


-----Original Message-----
From: Greg Foulks [mailto:greg.foulks@xxxxxxxx]
Sent: Wednesday, September 25, 2002 1:44 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Nortel Contivity and ISA serve


http://www.ISAserver.org


Right click IP Packet Filters
Click New
Give the filter a name and click next
select Allow packet transmission and click next
Select Custom click next
Under IP Protocol select Custom protocol
Enter 50 in the number box, set the direction to both click next
Local computer give it the ip address of the isa server click next
remote computer give it the ip address of the contivity server and click next

that should do it.

Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: greg.foulks@xxxxxxxx
Voice: 614.318.5036
Fax: 614.318.5005


-----Original Message-----
From: Peter White [mailto:P.White@xxxxxxxxxxxxx]
Sent: Wednesday, September 25, 2002 1:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Nortel Contivity and ISA serve


http://www.ISAserver.org


Thanks, Greg.
     How did you enable Portocol 50 in the IP Packet Filters.  I don't see
it in there.
pw

-----Original Message-----
From: Greg Foulks [mailto:greg.foulks@xxxxxxxx]
Sent: Wednesday, September 25, 2002 1:10 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Nortel Contivity and ISA serve


http://www.ISAserver.org


I had a similar problem and had to do the following to get everything to
work

Enabled UDP 500 and 2001
Enable Protocol 50 in the IP Packet Filters

Then on the Contivity box you have to setup and enable NAT Traversal and the
client you use on to connect to the Contivity box bust
be the latest 4_15.03

Hope this helps--

Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: greg.foulks@xxxxxxxx
Voice: 614.318.5036
Fax: 614.318.5005


-----Original Message-----
From: Peter White [mailto:P.White@xxxxxxxxxxxxx]
Sent: Wednesday, September 25, 2002 12:57 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Nortel Contivity and ISA serve


http://www.ISAserver.org


Hi,
  I am trying to make a vpn connection to a Nortel Contivity box from behind
my ISA server.  I can connect to the Contivity when I am ras'd to the
interenet so I am sure it is configured properly.
    I underdtand to connect to the Contivity I need port 500 udp open both
ways - this is default ISA for LT2P IKE packets and already set up in our
ISA.  Also the ISA must allow protocol 50 (Encapsulating Security Protocol)
and protocol 51 (Authentication Header) to pass through.  Does anyone know
how to do this?  I cannot find any protocol definitions for 50 and 51 in the
ISA server.

thanks

Peter White

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
greg.foulks@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
P.WHITE@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
greg.foulks@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
greg.foulks@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



Other related posts: