RE: Publish VPN server - revisited

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 5 Oct 2005 08:27:06 -0500

Hi Gregory,
 
There's an article on the www.isaserver.org site on how to publish NAT-T
L2TP/IPSec VPN servers. I do it all the time, along with user
certificate authentication for the EAP user auth.
 
Tom
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 


________________________________

        From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] 
        Sent: Wednesday, October 05, 2005 8:19 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Publish VPN server - revisited
        
        
        http://www.ISAserver.org
        

        Change NAT-T server and client to IPSec NAT-T server and client.

         

        
________________________________


        From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] 
        Sent: Wednesday, October 05, 2005 8:18 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] Publish VPN server - revisited

         


        ISA 2004:

         

        I have a VPN server sitting behind Windows 2003/RRAS (network
        behind a network) -- the Win 2003 is SNAT with the ISA 2004.
        Internally, the device, wireless remote access point (RAP),
        attaches to the VPN server routing through ISA with no problems.
        ISA's logging displays NAT-T client (4500/UDP - send receive) as
        the protocol used. How can I publish this VPN server/protocol to
        the Internet? The VPN server sees the Internet based RAP - I
        determined this by pinging the RAP from the VPN server while they
        are negotiating. Their negotiation never comes to fruition. The
        RAP just reboots and keeps trying. Now, this published rule to
        the Internet uses (NAT-T server receive send) protocol - not the
        (receive send) as seen internally.

         

         

        TIA

         

        greg

         

         

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Visit TechGenix.com for more information about our other sites:
        http://www.techgenix.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: gregory.crockett@xxxxxxxxx
        To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        Report abuse to listadmin@xxxxxxxxxxxxx 
