Ah, Ok. Then you have a problem in the termination of your VPN tunnel. You shouldn't need to be passing any of the protocols you mentioned through your ISA to the SAP server, they are strictly for establishing and maintaing the VPN tunnel. The Cisco 3500 should be terminating the VPN tunnel and passing straight-up TCP/IP to your ISA. Double-check your Cisco's configuration and make sure it's not set up as a VPN pass-through or something like that. Sorry I can't get more detailed there, don't know the config of the 3500. -Shawn -----Original Message----- From: Chris H [mailto:ntpro@xxxxxxxxxx] Sent: Wednesday, June 09, 2004 2:04 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Opening "Protocols" http://www.ISAserver.org Some consultants are connecting to a Cisco VPN 3500 and we then have it hubbed into a "dmz" with the ISA external NIC in the hub as well. So they are VPN to the Cisco device and then I assume normal networking from there through the ISA to the SAP server behind the ISA [Cisco - 192.168.200.201] <---> [Hub]<--->[ISA External NIC - 192.168.200.184] [ISA Server Internal NIC - 10.49.9.7] <--->[SAP Server - 10.49.2.184] Chris ----- Original Message ----- From: "Quillman Shawn (RBNA/CSA1) *" <Shawn.Quillman@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, June 09, 2004 1:29 PM Subject: [isalist] RE: Opening "Protocols" http://www.ISAserver.org Those are tunneling protocols. Are you just trying to connect to the SAP server or are you trying to set up some sort of VPN tunnel to it / through to it? -Shawn -----Original Message----- From: Chris H [mailto:ntpro@xxxxxxxxxx] Sent: Wednesday, June 09, 2004 1:01 PM To: [ISAserver.org Discussion List] Subject: [isalist] Opening "Protocols" http://www.ISAserver.org I am trying to allow access to an SAP server through the ISA firewall and was told I need to allow "protocols" 51 (AH), 50 (ESP) and 500 (ISAKMP). My question is how to define the packet filters? Does the port # correspond to the protocol #? TCP or UDP? I have tried looking it up but cannot find a definitive answer . . . Much thanks! Chris ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ntpro@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist