RE: Novell Bordermanager VPN client

• From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 4 Sep 2003 09:02:35 +0200

Hi Tom,

Just to get that sorted out: couldn't we place the client into the DMZ?
We could allow protocol 57 traffic then.

@Francois: There is an article from Sep. 2001 here
http://developer.novell.com/research/appnotes/2001/septembe/01/a0109013.
htm which explains the Bordermanager approach to NAT-T. 



Thanks
Mark

> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
> Posted At: Thursday, September 04, 2003 3:05 AM
> Posted To: www.isaserver.org
> Conversation: [isalist] RE: Novell Bordermanager VPN client
> Subject: [isalist] RE: Novell Bordermanager VPN client
> 
> 
> http://www.ISAserver.org
> 
> 
> Hi Francois,
> 
> That's right. The only IP protocol that isn't UDP or TCP 
> allowed outbound is GRE and ICMP.
> 
> BTW -- If the VPN protocol doesn't use encapsulation for 
> NAT-T, then that provides more evidence why Novell is 
> primarily of historial interest.
> 
> HTH,
> Tom
> 
> Thomas W Shinder 
> www.isaserver.org/shinder 
> ISA Server and Beyond: http://tinyurl.com/1jq1 
> Configuring ISA Server: http://tinyurl.com/1llp 
> 
> 
> 
> -----Original Message-----
> From: Francois Malherbe [mailto:Francois@xxxxxxxxxxxxxx] 
> Sent: Wednesday, September 03, 2003 2:02 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Novell Bordermanager VPN client
> 
> 
> http://www.ISAserver.org
> 
> 
> Hi Mark
> 
> I have a definite answer from Microsoft - NO.
> 
> According to Microsoft, ISA server itself cannot be 
> configured to propagate this protocol. I spent about 3 months 
> talking to MS tech support and their final solution was to 
> get Novell to write a plug-in for ISA.
> 
> If you find any other answer or solution, please keep me 
> informed as well.
> 
> Thanks
> 
> Francois
> 
> -----Original Message-----
> From: Mark Hippenstiel [mailto:M.Hippenstiel@xxxxxxxxxxxx] 
> Sent: 02 September 2003 11:19 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Novell Bordermanager VPN client
> 
> 
> http://www.ISAserver.org
> 
> 
> Hi Stefaan,
> 
> Ha! I've seen this article before - what get's me is Novell's
> documentation: they say that I'd have to allow IP protocol 
> number 57. Which is related to a thingy called SKIP... 
> 
> I might be far off the line here, but if I need a custom IP 
> protocol enabled, I'd have to do this with packet filtering, 
> yes? Wouldn't that mean that I could only use the 
> Bordermanager client from within the DMZ? Or, put another 
> way, packet filtering relies on normal IP routing 
> functionality, so I couldn't possibly enter an internal 
> network address in a packet filtering rule, right? 
> 
> Thanks,
> Mark
> 
> > -----Original Message-----
> > From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxx]
> > Sent: Tuesday, September 02, 2003 8:26 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Novell Bordermanager VPN client
> > 
> > 
> > Hi Mark,
> > 
> > I haven't, but you can use my article 
> > http://www.isaserver.org/articles/IPSec_Passth> rough.html 
> as baseline 
> > ;-)
> > 
> > HTH,
> > Stefaan
> > 
> > -----Original Message-----
> > From: Mark Hippenstiel [mailto:M.Hippenstiel@xxxxxxxxxxxx]
> > Sent: dinsdag 2 september 2003 20:21
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Novell Bordermanager VPN client
> > 
> > 
> http://www.ISAserver.org
> 
> 
> Hi,
> 
> Has anybody eventually happened to use this VPN behind ISA?
> 
> Thanks
> Mark
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: 
> http://www.serverfiles.com No.1 Exchange Server Resource 
> Site: http://www.msexchange.org Windows Security Resource 
> Site: http://www.windowsecurity.com/ Network Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax 
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: stefaan.pouseele@xxxxxxx To unsubscribe send a blank 
> email to $subst('Email.Unsub')
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: 
> http://www.serverfiles.com No.1 Exchange Server Resource 
> Site: http://www.msexchange.org Windows Security Resource 
> Site: http://www.windowsecurity.com/ Network Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax 
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: francois@xxxxxxxxxxxxxx To unsubscribe send a blank 
> email to $subst('Email.Unsub')
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: 
> http://www.serverfiles.com No.1 Exchange > Server Resource 
> Site: http://www.msexchange.org Windows Security Resource 
> Site: http://www.windowsecurity.com/ Network Security 
> Library: http://www.secinf.net/ Windows 2000/NT Fax 
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a 
> blank email to $subst('Email.Unsub')
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: 
> http://www.serverfiles.com No.1 Exchange > Server Resource 
> Site: http://www.msexchange.org Windows Security Resource 
> Site: http://www.windowsecurity.com/ Network Security 
> Library: http://www.secinf.net/ Windows 2000/NT Fax 
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: isaserver@xxxxxxxxxxxx To unsubscribe send a blank 
> email to $subst('Email.Unsub')
> 

Other related posts:

• » Novell Bordermanager VPN client
• » RE: Novell Bordermanager VPN client
• » RE: Novell Bordermanager VPN client
• » RE: Novell Bordermanager VPN client
• » RE: Novell Bordermanager VPN client
• » RE: Novell Bordermanager VPN client
• » RE: Novell Bordermanager VPN client
• » RE: Novell Bordermanager VPN client
• » RE: Novell Bordermanager VPN client
• » RE: Novell Bordermanager VPN client
• » RE: Novell Bordermanager VPN client

1. Home
2. isalist
3. Archive
4. 09-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---