RE: Nortel VPN client 4.65
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 16 Jan 2003 20:02:39 -0600
Hi Manny,
Check this out:
================================
Security Guy
Junior Member
Member # 8528
Rate Member
<http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00008528>
posted September 07, 2002 02:36 AM
<http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00008528>
<http://forums.isaserver.org/ultimatebb.cgi?ubb=edit_post;f=13;t=000434;
reply_num=000067;u=00008528>
<http://forums.isaserver.org/ultimatebb.cgi?ubb=reply;f=13;t=000434;repl
yto=000067>
_____
WO0 HO0!! It's working!! Let me tell you guys this:
- it has nothing to do IP Fragement Filtering.
- it probably has nothing to do with the extra protocol definitions
created from the .vbs script.
- all you need to do at ISA's side is to create protocol definitions for
UDP port 500 and UDP port 10001 (or whatever your Contivity's NAT
Traversal's port is configured to use)
This is what you need to do at the Contivity Switch (we have model
CES2600D):
1. On the configuration page's left side, click on "Services", then
"IPSEC". Toward the middle of page is the setting "NAT Traversal". Check
to have it enabled and set it on port 10001.
2. Once the above step is done, go to "Profiles", then "Groups". Under a
designated group where you want NAT Traversal enabled, click on "Edit."
Under the section "IPSEC", click on "Configure." At the very bottom of
the page, make sure "Auto-Detect NAT" is selected. Keep the "NAT
Keepalive" setting at 18 seconds.
** very important **
Our Contivity switch is running with one of the newest firmware,
v04_05.024. I used the newest Nortel Extranet Access Client software,
v4.65. There are no changes on ISA other than defined protocol
definition for UDP port 500 and 10001. Nothing was changed in the packet
filter section, I still restrict direct PING to my firewall. I can only
say I'm a happy camper now, no longer need to lug my laptop from work to
get to corporate's VPN.
============================
HTH,
Thomas W Shinder
www.isaserver.org/shinder
http://tinyurl.com/1jq1
http://tinyurl.com/1llp
-----Original Message-----
From: Manny Perez [mailto:Manny@xxxxxxxxxxxx]
Sent: Thursday, January 16, 2003 1:54 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Nortel VPN client 4.65
http://www.ISAserver.org
Hi,
Has anyone had much success setting this up. I can not get it to
work. Any help would be much appreciated.
Thanks,
Manny Perez
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
