Final Follow up: Quote from Cisco Engineer: There are plans to implement this feature into the PIX code. However, there is no timeline that has been released for this feature. You are correct in that it would solve your problem. The reason is that "transparent tunneling" can use UDP port 10000 (which the proxy server does recognize and can let through) instead of the ESP protocol for data transfer through the tunnel. So, "transparent tunneling" will enable the client to work from behind proxy devices that don't support or recognize the ESP protocol. This is the reason that these type of connections work to a 3000 Series VPN Concentrator Adam -----Original Message----- From: Adam Staub Sent: Wednesday, July 24, 2002 12:59 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN Cisco Client - Behind ISA Server. http://www.ISAserver.org Follow up. I opened a case with TAC. They say that the PIX(note: the 3000 series vpn concentrator is a different animal) doesn't support the encapsulation options on the 3.x client. So it will not work period. Thanks, Adam -----Original Message----- From: Adam Staub Sent: Wednesday, July 24, 2002 8:47 AM To: [ISAserver.org Discussion List] Subject: [isalist] VPN Cisco Client - Behind ISA Server. http://www.ISAserver.org I'm trying to setup a connection to a PIX box from behind my ISA box. I've setup two protocol definitions on udp port 500 send/receive and udp port 10000 send/receive. I then created a protocol definition using the two rules. However, my IPPext log is stating that it has blocked port 500 coming back from the PIX box. I then created a packet filter to allow port 500 thru but that didn't help either. What am I doing wrong? Thanks, Adam ********************************************************************* Note: This E-mail and any attachments may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this E-mail and any attachments is strictly prohibited. If you have received this E-mail in error, please notify us immediately by returning it to the sender and deleting it from your computer system. Thank you for your cooperation. ********************************************************************** ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: Adam.Staub@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ********************************************************************* Note: This E-mail and any attachments may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this E-mail and any attachments is strictly prohibited. If you have received this E-mail in error, please notify us immediately by returning it to the sender and deleting it from your computer system. Thank you for your cooperation. ********************************************************************** ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: Adam.Staub@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ********************************************************************* Note: This E-mail and any attachments may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this E-mail and any attachments is strictly prohibited. If you have received this E-mail in error, please notify us immediately by returning it to the sender and deleting it from your computer system. Thank you for your cooperation. **********************************************************************