RE: Publish VPN server - revisited

  • From: "Crockett, Gregory" <Gregory.Crockett@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 5 Oct 2005 18:48:58 -0500

An Aruba Networks wireless switch.  Recently, Microsoft selected Aruba
to replace their wireless network.

www.arubanetworks.com <http://www.arubanetworks.com/>

TIA

greg

 

________________________________

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Wednesday, October 05, 2005 6:10 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publish VPN server - revisited

 

http://www.ISAserver.org

Hi Greg,

What device are you terminating the VPN client connection at?

 

Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls

 

         

        
________________________________


        From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] 
        Sent: Wednesday, October 05, 2005 12:21 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Publish VPN server - revisited


        Tom,

         

        Thanks for the info.  I read and tried these articles:
        "Configuring Remote Access VPN Servers in a Back to Back ISA
        Firewall Configuration".  The beginning sounded like what I need.
        However, I am not running a back end ISA server.  I also found an
        article for ISA 2000 - "Configuring Windows Server 2003-based ISA
        Server Firewall/VPN Server to Accept inbound NAT-T L2TP/IPSec
        Calls".  The VPN server is a non-Windows based appliance using a
        shared key - no certificates.  The Microsoft paper "Publishing a
        VPN Server in ISA Server 2004" stated the L2TP over IPSec using
        NAT-T must be Windows Server 2003 based.

         

        This VPN server's default gateway is that of a Win 2003
        server/RRAS -- this server is without ISA.  Should I change its
        network to that of the ISA Internal network and not on an internal
        network?

         

        greg

         

        
________________________________


        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
        Sent: Wednesday, October 05, 2005 8:27 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Publish VPN server - revisited

         


        Hi Gregory,

         

        There's an article on the www.isaserver.org site on how to
publish NAT-T L2TP/IPSec VPN servers. I do it all the time, along with
user certificate authentication for the EAP user auth.

         

        Tom

         

        Thomas W Shinder, M.D.
        Site: www.isaserver.org <http://www.isaserver.org/> 
        Blog: http://spaces.msn.com/members/drisa/
        Book: <http://tinyurl.com/3xqb7> http://tinyurl.com/3xqb7
        MVP -- ISA Firewalls

         

                 

                
________________________________


                From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx]
                Sent: Wednesday, October 05, 2005 8:19 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Publish VPN server - revisited


                Change NAT-T server and client to IPSec NAT-T server and
client.

                 

                
________________________________


                From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx]
                Sent: Wednesday, October 05, 2005 8:18 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] Publish VPN server - revisited

                 


                ISA 2004:

                 

                I have a VPN server sitting behind Windows 2003/RRAS
                (network behind a network) -- the Win 2003 is SNAT with the
                ISA 2004.  Internally, the device, wireless remote access
                point (RAP), attaches to the VPN server routing through ISA
                with no problems.  ISA's logging displays NAT-T client
                (4500/UDP - send receive) as the protocol used.  How can I
                publish this VPN server/protocol to the Internet?  The VPN
                server sees the Internet-based RAP - I determined this by
                pinging the RAP from the VPN server while they are
                negotiating.  Their negotiation never comes to fruition.
                The RAP just reboots and keeps trying.  Now, this published
                rule to the Internet uses (NAT-T server receive send)
                protocol - not the (receive send) as seen internally.

                 

                 

                TIA

                 

                greg

                 

                 
