RE: VPN Client to Non-ISA VPN Network

  • From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 1 Mar 2002 23:42:37 +0100

Hi Daniel,

as always Tom is right ;-)

OK, ESP and AH are *not* port 50 and 51, but IP protocol number 50 and 51.
Maybe there is still a little chance it can be solved, but it completely
depends on the IPSec implementation of the VPN client and gateway.

The problem is that ISA is doing NAPT and IPSec is *not* designed with that
in mind. If you like some background information, please visit
http://www.ietf.org/html.charters/ipsec-charter.html .

Ask if the IPSec implementation supports a feature called NAT traversal,
IPSec through NAT, or UDP encapsulation of IPSec packets. These are different
terms for the same functionality. The concept behind this is that the IPSec
packets are encapsulated in UDP packets. The headers of these UDP packets can
be manipulated by any NAPT device without negative effects on the IPSec
packets.

Hope this helps,
Stefaan



-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Friday, 1 March 2002 23:22
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN Client to Non-ISA VPN Network


http://www.ISAserver.org


Hi Daniel,

The party's over if you require AH.

HTH,
Tom
www.isaserver.org/shinder


-----Original Message-----
From: Daniel [mailto:drbohner@xxxxxxxxxxxxxxxxx] 
Sent: Friday, March 01, 2002 4:21 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN Client to Non-ISA VPN Network


OK, here's the fun.  I am told:

In/Out  Port  Protocol
In+Out  50    ESP
In+Out  51    AH
In+Out  500   UDP
Out     389   TCP
Out     709   TCP
Out     5080  TCP

So, how do I configure the ESP and AH Protocols?

Hmmm

TIA

Daniel

-----Original Message-----
From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxx] 
Sent: Friday, March 01, 2002 3:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN Client to Non-ISA VPN Network


Hi Daniel,

new to ISA and you already have to solve this problem..... very good luck ;-)

Now seriously, which type of VPN are you talking about: PPTP, L2TP/IPSec,
IPSec, etc.? You'll have to know the protocols and port numbers used before
you can do anything on ISA.

Regards,
Stefaan

-----Original Message-----
From: Daniel [mailto:drbohner@xxxxxxxxxxxxxxxxx]
Sent: Friday, 1 March 2002 22:52
To: [ISAserver.org Discussion List]
Subject: [isalist] VPN Client to Non-ISA VPN Network



Howdy,

I am new to ISA - and thus still have a lot to learn (don't we all).

My employer has supplied me with ATT Global Network Client software to
connect from home to the internal network.

If I plug in - on the non-firewalled side of the Ether, I get
connected...  But, if I plug in on the protected side (ISA between) I
cannot get connected.

What do I need to look at - to allow the VPN software to go through the
ISA Server - in order to connect to the non-ISA VPN?

Thanks in Advance!

Daniel
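
The NAPT problem discussed in this thread, as an added example that is not part of any poster's message: a simplified Python model showing that an address rewrite invalidates AH's integrity check, that bare ESP survives it but has no port for NAPT to multiplex, and that ESP inside UDP passes on both counts. The packet layout, key, addresses and UDP port are constructed assumptions.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed stand-in for the SA's integrity key
ESP, AH, UDP = 50, 51, 17      # IP protocol numbers (not ports), as the reply points out

def icv(data: bytes) -> bytes:
    """HMAC-SHA1 truncated to 96 bits (the HMAC-SHA1-96 construction)."""
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def covered(pkt: dict) -> bytes:
    """Bytes the integrity check protects (simplified; real AH/ESP cover more fields)."""
    if pkt["proto"] == AH:
        # AH authenticates the IP source and destination addresses along with the payload.
        return socket.inet_aton(pkt["src"]) + socket.inet_aton(pkt["dst"]) + pkt["body"]
    # ESP (bare or inside UDP) authenticates only the ESP header and ciphertext.
    return pkt["body"]

def build(proto: int, src: str, dst: str, body: bytes, sport=None) -> dict:
    """Build a model packet and attach the ICV the sender would compute."""
    pkt = {"proto": proto, "src": src, "dst": dst, "sport": sport, "body": body}
    pkt["icv"] = icv(covered(pkt))
    return pkt

def napt(pkt: dict, public_ip: str, public_port: int) -> dict:
    """What a NAPT device does: rewrite the source address, and the source port if one exists."""
    out = dict(pkt, src=public_ip)
    if pkt["sport"] is not None:
        out["sport"] = public_port
    return out

def after_napt(pkt: dict) -> dict:
    """Translate the packet and report what the receiving gateway would see."""
    out = napt(pkt, "203.0.113.10", 40001)   # constructed documentation address and port
    return {
        "icv_valid": hmac.compare_digest(out["icv"], icv(covered(out))),
        "has_port_to_multiplex": out["sport"] is not None,
    }

esp_body = struct.pack("!II", 0x1000, 1) + b"ciphertext"   # constructed SPI, sequence, payload
ah_pkt = build(AH, "192.168.1.20", "198.51.100.5", b"payload")
esp_pkt = build(ESP, "192.168.1.20", "198.51.100.5", esp_body)
# Port 4500 is the RFC 3948 value; the port a given client uses is an assumption here.
udp_esp_pkt = build(UDP, "192.168.1.20", "198.51.100.5", esp_body, sport=4500)

if __name__ == "__main__":
    for name, pkt in (("AH", ah_pkt), ("ESP", esp_pkt), ("ESP-in-UDP", udp_esp_pkt)):
        print(name, after_napt(pkt))
```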
