RE: Using VPN-1 Secure Remote behind ISA

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 7 Dec 2003 18:12:30 -0600

Hi Sam,
 
Never use packet filters to control traffic to and from LAT hosts. Use
them only to support services on the ISA firewall itself, or hosts on a
public address DMZ segment.
 
HTH,
Tom

  _____  

From: Sam Chapman [mailto:adminone@xxxxxxxxxxx] 
Sent: Thursday, December 04, 2003 7:45 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Using VPN-1 Secure Remote behind ISA


http://www.ISAserver.org

Hi Fares,
 
Yes all those protocols were implemented through IP Packet Filters. Do
you need to use Protocol Rules?
Thanks!
Sam
 
-----Original Message-----
From: Fares Rihani [mailto:Fares@xxxxxxxxxx] 
Sent: Thursday, December 04, 2003 3:46 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Using VPN-1 Secure Remote behind ISA
 
http://www.ISAserver.org
Sam,
 
Check on these following rules:
 
    UDP 2746 send, receive
    UDP 500 send, receive
    TCP 500 out , secondary port 500 in 
 
Let me know if those were implemented in your current config.  If not,
try after adding them.
Good luck,
 
Fares Rihani
 

 -----Original Message-----
From: Sam Chapman [mailto:adminone@xxxxxxxxxxx]
Sent: Thursday, December 04, 2003 6:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Using VPN-1 Secure Remote behind ISA
        http://www.ISAserver.org
        Thanks. I had that port open as well!
         
        -----Original Message-----
        From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
        Sent: Thursday, December 04, 2003 2:51 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Using VPN-1 Secure Remote behind ISA
         
        http://www.ISAserver.org
        You need tcp 1703 as well
         
        Steve
         
        
  _____  

        From: Sam Chapman [mailto:adminone@xxxxxxxxxxx] 
        Sent: Thursday, December 04, 2003 6:24 PM
        To: Isa Weblist
        Subject: [isalist] Using VPN-1 Secure Remote behind ISA
        http://www.ISAserver.org
        Hi everyone,
         
        I use Secure Remote Client to connect to the office. Now that I
installed and configured ISA in integrated mode I can no longer connect
to the office.  I installed the secure remote on one of my internal
workstations but when I try to create a site ( VPN) I get an error
"Error: Communicating with site" I created several packet filters
including UDP 500, 4500, TCP 500, TCP 43, 2746, UDP 1701. I also have IP
routing enabled and the PPTP through ISA firewall. I am still unable to
connect to the office using the secure remote. I am sure it is a port
issue since the VPN client was working fine prior to the ISA install.
Please help
         
        Sam
        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
adminone@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 12-2003