RE: Opening "Protocols"

• From: "Quillman Shawn (RBNA/CSA1) *" <Shawn.Quillman@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 9 Jun 2004 14:13:47 -0400

Ah, Ok.  Then you have a problem in the termination of your VPN tunnel.
You shouldn't need to be passing any of the protocols you mentioned
through your ISA to the SAP server, they are strictly for establishing
and maintaing the VPN tunnel.  The Cisco 3500 should be terminating the
VPN tunnel and passing straight-up TCP/IP to your ISA.  Double-check
your Cisco's configuration and make sure it's not set up as a VPN
pass-through or something like that.  Sorry I can't get more detailed
there, don't know the config of the 3500.

-Shawn

-----Original Message-----
From: Chris H [mailto:ntpro@xxxxxxxxxx] 
Sent: Wednesday, June 09, 2004 2:04 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Opening "Protocols"

http://www.ISAserver.org

Some consultants are connecting to a Cisco VPN 3500 and we then have it 
hubbed into a "dmz" with the ISA external NIC in the hub as well. So
they 
are VPN to the Cisco device and then I assume normal networking from
there 
through the ISA to the SAP server behind the ISA


[Cisco - 192.168.200.201] <---> [Hub]<--->[ISA External NIC - 
192.168.200.184]
[ISA Server Internal NIC - 10.49.9.7] <--->[SAP Server - 10.49.2.184]

Chris

----- Original Message ----- 
From: "Quillman Shawn (RBNA/CSA1) *" <Shawn.Quillman@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, June 09, 2004 1:29 PM
Subject: [isalist] RE: Opening "Protocols"


http://www.ISAserver.org


Those are tunneling protocols.  Are you just trying to connect to the
SAP server or are you trying to set up some sort of VPN tunnel to it /
through to it?

-Shawn

-----Original Message-----
From: Chris H [mailto:ntpro@xxxxxxxxxx]
Sent: Wednesday, June 09, 2004 1:01 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Opening "Protocols"

http://www.ISAserver.org

I am trying to allow access to an SAP server through the ISA firewall
and
was told I need to allow "protocols" 51 (AH), 50 (ESP) and 500 (ISAKMP).

My question is how to define the packet filters? Does the port #
correspond
to the protocol #? TCP or UDP? I have tried looking it up but cannot
find a
definitive answer . . .

Much thanks!

Chris


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
ntpro@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist

Other related posts:

• » Opening "Protocols"
• » RE: Opening "Protocols"
• » RE: Opening "Protocols"
• » RE: Opening "Protocols"
• » RE: Opening "Protocols"
• » RE: Opening "Protocols"

1. Home
2. isalist
3. Archive
4. 06-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---