RE: Using VPN-1 Secure Remote behind ISA
- From: "Sam Chapman" <adminone@xxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 5 Dec 2003 18:50:48 -0800
http://www.ISAserver.org
Hi Fares,
I am not having too much luck getting this VPN client to work. I
disabled the IP packets, created the appropriate Protocol definations,
and implemented the necessary rules. I even install the secure remote on
a different XP machine. Still, getting the infamous "Error:
Communication with site." I sure appreciate all your help.
Thanks!
Sam
-----Original Message-----
From: Fares Rihani [mailto:Fares@xxxxxxxxxx]
Sent: Friday, December 05, 2003 6:12 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Using VPN-1 Secure Remote behind ISA
Hey Sam,
If you are keeping the client on the ISA server itself then use IP
packet filters. When installing the client on internal computers behind
the firewall, create Protocol Definitions first, then create a Protocol
Rule using those definitions. Use the rules below, but you may need to
create a few more according to the VPN-1 Server. You can disable all
the those IP Packet Filters :)
Good Luck,
-Fares
-----Original Message-----
From: Sam Chapman [mailto:adminone@xxxxxxxxxxx]
Sent: Thursday, December 04, 2003 8:45 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Using VPN-1 Secure Remote behind ISA
http://www.ISAserver.org
Hi Fares,
Yes all those protocols were implemented through IP Packet Filters. Do
you need to use Protocol Rules?
Thanks!
Sam
-----Original Message-----
From: Fares Rihani [mailto:Fares@xxxxxxxxxx]
Sent: Thursday, December 04, 2003 3:46 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Using VPN-1 Secure Remote behind ISA
http://www.ISAserver.org
Sam,
Check on these following rules:
UDP 2746 send, receive
UDP 500 send, receive
TCP 500 out , secondary port 500 in
Let me know if those were implemented in your current config. If not,
try after adding them.
Good luck,
Fares Rihani
-----Original Message-----
From: Sam Chapman [mailto:adminone@xxxxxxxxxxx]
Sent: Thursday, December 04, 2003 6:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Using VPN-1 Secure Remote behind ISA
http://www.ISAserver.org
Thanks. I had that port open as well!
-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Thursday, December 04, 2003 2:51 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Using VPN-1 Secure Remote behind ISA
http://www.ISAserver.org
You need tcp 1703 as well
Steve
_____
From: Sam Chapman [mailto:adminone@xxxxxxxxxxx]
Sent: Thursday, December 04, 2003 6:24 PM
To: Isa Weblist
Subject: [isalist] Using VPN-1 Secure Remote behind ISA
http://www.ISAserver.org
Hi everyone,
I use Secure Remote Client to connect to the office. Now that I
installed and configured ISA in integrated mode I can no longer connect
to the office. I installed the secure remote on one of my internal
workstations but when I try to create a site ( VPN) I get an error
"Error: Communicating with site" I created several packet filters
including UDP 500, 4500, TCP 500, TCP 43, 2746, UDP 1701. I also have IP
routing enabled and the PPTP through ISA firewall. I am still unable to
connect to the office using the secure remote. I am sure it is a port
issue since the VPN client was working fine prior to the ISA install.
Please help
Sam
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
adminone@xxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
