Hey Sam, If you are keeping the client on the ISA server itself then use IP packet filters. When installing the client on internal computers behind the firewall, create Protocol Definitions first, then create a Protocol Rule using those definitions. Use the rules below, but you may need to create a few more according to the VPN-1 Server. You can disable all the those IP Packet Filters :) Good Luck, -Fares -----Original Message----- From: Sam Chapman [mailto:adminone@xxxxxxxxxxx] Sent: Thursday, December 04, 2003 8:45 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Using VPN-1 Secure Remote behind ISA http://www.ISAserver.org Hi Fares, Yes all those protocols were implemented through IP Packet Filters. Do you need to use Protocol Rules? Thanks! Sam -----Original Message----- From: Fares Rihani [mailto:Fares@xxxxxxxxxx] Sent: Thursday, December 04, 2003 3:46 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Using VPN-1 Secure Remote behind ISA http://www.ISAserver.org Sam, Check on these following rules: UDP 2746 send, receive UDP 500 send, receive TCP 500 out , secondary port 500 in Let me know if those were implemented in your current config. If not, try after adding them. Good luck, Fares Rihani -----Original Message----- From: Sam Chapman [mailto:adminone@xxxxxxxxxxx] Sent: Thursday, December 04, 2003 6:02 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Using VPN-1 Secure Remote behind ISA http://www.ISAserver.org Thanks. I had that port open as well! -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Thursday, December 04, 2003 2:51 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Using VPN-1 Secure Remote behind ISA http://www.ISAserver.org You need tcp 1703 as well Steve _____ From: Sam Chapman [mailto:adminone@xxxxxxxxxxx] Sent: Thursday, December 04, 2003 6:24 PM To: Isa Weblist Subject: [isalist] Using VPN-1 Secure Remote behind ISA http://www.ISAserver.org Hi everyone, I use Secure Remote Client to connect to the office. Now that I installed and configured ISA in integrated mode I can no longer connect to the office. I installed the secure remote on one of my internal workstations but when I try to create a site ( VPN) I get an error "Error: Communicating with site" I created several packet filters including UDP 500, 4500, TCP 500, TCP 43, 2746, UDP 1701. I also have IP routing enabled and the PPTP through ISA firewall. I am still unable to connect to the office using the secure remote. I am sure it is a port issue since the VPN client was working fine prior to the ISA install. Please help Sam