RE: VPN Client to Non-ISA VPN Network

  • From: "Daniel" <drbohner@xxxxxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 7 Mar 2002 18:52:30 -0700

OK, I have a consensus 'from the world' that I can't use the provided
VPN Client with ISA - because the client uses the AH protocol.

So...  What are my options?  I have to use the client - but I can't go
through ISA to get there.  I know that the client does allow NAT - a
coworker has a Linksys gateway (doing NAT) plugged in between his cable
modem and his client.

Options?? Options?? And replacing the client isn't currently one of
them.

Thanks

Daniel Bohner
drbohner@xxxxxxxxxxxxxxxxx

ps - I'll reward anyone that can 'appropriately' resolve this issue with
a six-pack of Mt. Dew....

-----Original Message-----
From: Kevin Egan [mailto:KEgan@xxxxxxxxx] 
Sent: Friday, March 01, 2002 3:55 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN Client to Non-ISA VPN Network

http://www.ISAserver.org


I had a similar situation trying to connect with the Nortel VPN client.
As stated, NAT breaks AH so ISA Server is out if this is all you can
get.  However, Nortel was in the process of implementing support for a
"UDP Wrapper" which basically wraps everything in UDP before sending it
through the firewall and thus allows the packets to traverse a
many-to-one NAT firewall.  At the other end, it's just stripped down
layer by layer.  My knowledge of this subject is limited so I don't
really know what was done on the Nortel side to make it all happen.  To
make this work for the client side, I opened up port 500 (Send Receive)
UDP and port 10001 UDP (Send Receive).  Port 10001 was the UDP port used
to wrap everything in.  Note again that support on the host side is
required along with the appropriate VPN client in order for this to work
so this is something you might inquire about from the VPN server vendor.

Kevin.

> -----Original Message-----
> From: Daniel [mailto:drbohner@xxxxxxxxxxxxxxxxx]
> Sent: March 1, 2002 5:21 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: VPN Client to Non-ISA VPN Network
> 
> 
> OK, here's the fun.  I am told:
> 
> In/Out        Port            Protocol
> In+Out        50              ESP
> In+Out        51              AH
> In+Out        500             UDP
> Out           389             TCP
> Out           709             TCP
> Out           5080            TCP
> 
> So, how do I configure the ESP and AH Protocols?
> 
> Hmmm
> 
> TIA
> 
> Daniel
> 
> -----Original Message-----
> From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxx] 
> Sent: Friday, March 01, 2002 3:02 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: VPN Client to Non-ISA VPN Network
> 
> 
> Hi Daniel,
> 
> new to ISA and you have already to solve this problem..... very good
> luck ;-)
> 
> Now seriously, about which type of VPN are you talking: PPTP,
> L2TP/IPSec, IPSec, etc... You'll have to know the protocols and port
> numbers used before you can do anything on ISA.
> 
> Regards,
> Stefaan
> 
> -----Original Message-----
> From: Daniel [mailto:drbohner@xxxxxxxxxxxxxxxxx]
> Sent: vrijdag 1 maart 2002 22:52
> To: [ISAserver.org Discussion List]
> Subject: [isalist] VPN Client to Non-ISA VPN Network
> 
> 
> Howdy,
> 
> I am new to ISA - and thus still have a lot to learn (don't we all).
> 
> My employer has supplied me with ATT Global Network Client software to
> connect from home to the internal network.
> 
> If I plug in - on the non-firewalled side of the Ether, I get
> connected...  But, if I plug in on the protected side (ISA between) I
> cannot get connected.
> 
> What do I need to look at - to allow the VPN software to go through
> the ISA Server - in order to connect to the non-ISA VPN?
> 
> Thanks in Advance!
> 
> Daniel
> 
> 
> 
> 
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> stefaan.pouseele@xxxxxxx
> To unsubscribe send a blank email to 
> $subst('Email.Unsub')
> 
> 
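
Kevin's reply above says NAT breaks AH and that a UDP wrapper lets the traffic cross a many-to-one NAT. The following is an added example, not part of the thread or any vendor's code: a simplified Python model of why that is. It assumes the wrapped protocol is ESP with an HMAC-SHA1-96 ICV; the key, addresses, SPIs and payload are constructed, and 10001 is the wrapper port from the thread.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"           # constructed sample key
PAYLOAD = b"constructed inner payload"  # stands in for the protected data
WRAP_PORT = 10001                       # UDP wrapper port named in the thread

def ipv4_header(src, dst, proto, body_len):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def icv(data):
    """HMAC-SHA1 truncated to 96 bits (assumed integrity transform)."""
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def ah_icv(ip_hdr, ah_fixed, payload):
    """AH covers the outer IP header; only mutable fields are zeroed, so the
    source and destination addresses are part of the authenticated data."""
    h = bytearray(ip_hdr)
    h[1] = h[8] = 0                     # TOS, TTL
    h[6:8] = h[10:12] = b"\x00\x00"     # flags/fragment offset, checksum
    return icv(bytes(h) + ah_fixed + b"\x00" * 12 + payload)

def nat_rewrite(ip_hdr, public_src):
    """Source NAT: replace the private source address in the outer header."""
    return ip_hdr[:12] + socket.inet_aton(public_src) + ip_hdr[16:]

def build(mode, src, dst):
    """Return (outer IP header, body) for mode 'ah', 'esp' or 'esp-udp'."""
    if mode == "ah":
        fixed = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1)  # next, len, rsvd, SPI, seq
        hdr = ipv4_header(src, dst, 51, 24 + len(PAYLOAD))
        return hdr, fixed + ah_icv(hdr, fixed, PAYLOAD) + PAYLOAD
    esp = struct.pack("!II", 0x2000, 1) + PAYLOAD          # SPI, seq, stand-in ciphertext
    esp += icv(esp)                                        # ESP ICV skips the IP header
    if mode == "esp-udp":                                  # the "UDP wrapper"
        esp = struct.pack("!HHHH", WRAP_PORT, WRAP_PORT, 8 + len(esp), 0) + esp
    return ipv4_header(src, dst, 17 if mode == "esp-udp" else 50, len(esp)), esp

def verify(mode, hdr, body):
    if mode == "ah":
        return hmac.compare_digest(body[12:24], ah_icv(hdr, body[:12], body[24:]))
    esp = body[8:] if mode == "esp-udp" else body
    return hmac.compare_digest(esp[-12:], icv(esp[:-12]))

def through_nat(mode):
    """After source NAT: (ICV still verifies, packet has ports a many-to-one NAT can map)."""
    hdr, body = build(mode, "192.168.0.10", "198.51.100.1")
    hdr = nat_rewrite(hdr, "203.0.113.7")
    return verify(mode, hdr, body), hdr[9] == 17
```

`through_nat("ah")` returns `(False, False)`, `through_nat("esp")` returns `(True, False)` and `through_nat("esp-udp")` returns `(True, True)`: only the UDP-wrapped form both keeps a valid ICV and carries ports for the NAT to multiplex on.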
