Hi Tom, Just to get that sorted out: couldn't we place the client into the DMZ? We could allow protocol 57 traffic then. @Francois: There is an article from Sep. 2001 here http://developer.novell.com/research/appnotes/2001/septembe/01/a0109013. htm which explains the Bordermanager approach to NAT-T. Thanks Mark > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] > Posted At: Thursday, September 04, 2003 3:05 AM > Posted To: www.isaserver.org > Conversation: [isalist] RE: Novell Bordermanager VPN client > Subject: [isalist] RE: Novell Bordermanager VPN client > > > http://www.ISAserver.org > > > Hi Francois, > > That's right. The only IP protocol that isn't UDP or TCP > allowed outbound is GRE and ICMP. > > BTW -- If the VPN protocol doesn't use encapsulation for > NAT-T, then that provides more evidence why Novell is > primarily of historial interest. > > HTH, > Tom > > Thomas W Shinder > www.isaserver.org/shinder > ISA Server and Beyond: http://tinyurl.com/1jq1 > Configuring ISA Server: http://tinyurl.com/1llp > > > > -----Original Message----- > From: Francois Malherbe [mailto:Francois@xxxxxxxxxxxxxx] > Sent: Wednesday, September 03, 2003 2:02 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Novell Bordermanager VPN client > > > http://www.ISAserver.org > > > Hi Mark > > I have a definite answer from Microsoft - NO. > > According to Microsoft, ISA server itself cannot be > configured to propagate this protocol. I spent about 3 months > talking to MS tech support and their final solution was to > get Novell to write a plug-in for ISA. > > If you find any other answer or solution, please keep me > informed as well. > > Thanks > > Francois > > -----Original Message----- > From: Mark Hippenstiel [mailto:M.Hippenstiel@xxxxxxxxxxxx] > Sent: 02 September 2003 11:19 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Novell Bordermanager VPN client > > > http://www.ISAserver.org > > > Hi Stefaan, > > Ha! I've seen this article before - what get's me is Novell's > documentation: they say that I'd have to allow IP protocol > number 57. Which is related to a thingy called SKIP... > > I might be far off the line here, but if I need a custom IP > protocol enabled, I'd have to do this with packet filtering, > yes? Wouldn't that mean that I could only use the > Bordermanager client from within the DMZ? Or, put another > way, packet filtering relies on normal IP routing > functionality, so I couldn't possibly enter an internal > network address in a packet filtering rule, right? > > Thanks, > Mark > > > -----Original Message----- > > From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxx] > > Sent: Tuesday, September 02, 2003 8:26 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Novell Bordermanager VPN client > > > > > > Hi Mark, > > > > I haven't, but you can use my article > > http://www.isaserver.org/articles/IPSec_Passth> rough.html > as baseline > > ;-) > > > > HTH, > > Stefaan > > > > -----Original Message----- > > From: Mark Hippenstiel [mailto:M.Hippenstiel@xxxxxxxxxxxx] > > Sent: dinsdag 2 september 2003 20:21 > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Novell Bordermanager VPN client > > > > > http://www.ISAserver.org > > > Hi, > > Has anybody eventually happened to use this VPN behind ISA? > > Thanks > Mark > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: > http://www.serverfiles.com No.1 Exchange Server Resource > Site: http://www.msexchange.org Windows Security Resource > Site: http://www.windowsecurity.com/ Network Security > Library: http://www.secinf.net/ Windows 2000/NT Fax > Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: stefaan.pouseele@xxxxxxx To unsubscribe send a blank > email to $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: > http://www.serverfiles.com No.1 Exchange Server Resource > Site: http://www.msexchange.org Windows Security Resource > Site: http://www.windowsecurity.com/ Network Security > Library: http://www.secinf.net/ Windows 2000/NT Fax > Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: francois@xxxxxxxxxxxxxx To unsubscribe send a blank > email to $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: > http://www.serverfiles.com No.1 Exchange > Server Resource > Site: http://www.msexchange.org Windows Security Resource > Site: http://www.windowsecurity.com/ Network Security > Library: http://www.secinf.net/ Windows 2000/NT Fax > Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a > blank email to $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: > http://www.serverfiles.com No.1 Exchange > Server Resource > Site: http://www.msexchange.org Windows Security Resource > Site: http://www.windowsecurity.com/ Network Security > Library: http://www.secinf.net/ Windows 2000/NT Fax > Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: isaserver@xxxxxxxxxxxx To unsubscribe send a blank > email to $subst('Email.Unsub') >