Hi Daniel, as always Tom is right ;-) OK, ESP and AH are *not* port 50 and 51, but IP protocol number 50 and 51. Maybe there still a little chance it can be solved, but it completely depends on the IPSec implementation of the VPN client and gateway. The problem is that ISA is doing NAPT and IPSec is *not* designed with that in mind. If you like some background information, please visit http://www.ietf.org/html.charters/ipsec-charter.html . Ask if the IPSec implementation supports a feature NAT traversal or IPSec through NAT or UDP encapsulation of IPSec packets. This are different terms for the same functionality. The concept behind this is that the IPSec packets are encapsulated in UDP packets. The headers of this UDP packets can be manupilated by any NAPT device without negative effects on the IPSec packets. Hope this helps, Stefaan -----Original Message----- From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: vrijdag 1 maart 2002 23:22 To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN Client to Non-ISA VPN Network http://www.ISAserver.org Hi Daniel, The party's over if you require AH. HTH, Tom www.isaserver.org/shinder -----Original Message----- From: Daniel [mailto:drbohner@xxxxxxxxxxxxxxxxx] Sent: Friday, March 01, 2002 4:21 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN Client to Non-ISA VPN Network http://www.ISAserver.org OK, here's the fun. I am told: In/Out Port Protocol In+Out 50 ESP In+Out 51 AH In+Out 500 UDP Out 389 TCP Out 709 TCP Out 5080 TCP So, how do I configure the ESP and AH Protocols? Hmmm TIA Daniel -----Original Message----- From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxx] Sent: Friday, March 01, 2002 3:02 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN Client to Non-ISA VPN Network http://www.ISAserver.org Hi Daniel, new to ISA and you have already to solve this problem..... very good luck ;-) Now seriously, about which type of VPN are you talking: PPTP, L2TP/IPSec, IPSec, etc... You'll have to know the protocols and port numbers used before you can do anything on ISA. Regards, Stefaan -----Original Message----- From: Daniel [mailto:drbohner@xxxxxxxxxxxxxxxxx] Sent: vrijdag 1 maart 2002 22:52 To: [ISAserver.org Discussion List] Subject: [isalist] VPN Client to Non-ISA VPN Network http://www.ISAserver.org Howdy, I am new to ISA - and thus still have a lot to learn(don't we all). My employer has supplied me with ATT Global Network Client software to connect from home to the internal network. If I plug in - on the non-firewalled side of the Ether, I get connected... But, if I plug in on the protected side(ISA between) I cannot get connected. What do I need to look at - to allow the VPN software to go through the ISA Sever - in order to connect to the non-ISA VPN? Thanks in Advance! Daniel ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: stefaan.pouseele@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: drbohner@xxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: stefaan.pouseele@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')