OK, I have a consensus 'from the world' that I can't use the provided VPN Client with ISA - because the client uses the AH protocol. So... What are my options. I have to use the client - but I can't go through ISA to get there. I know that the client does allow NAT - a coworker has a Linksys gateway (doing NAT) plugged in between his cable modem and his client. Options?? Options?? And replacing the client isn't currently one of them. Thanks Daniel Bohner drbohner@xxxxxxxxxxxxxxxxx ps - I'll reward anyone that can 'appropriately' resolve this issue with a six-pack of Mt. Dew.... -----Original Message----- From: Kevin Egan [mailto:KEgan@xxxxxxxxx] Sent: Friday, March 01, 2002 3:55 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN Client to Non-ISA VPN Network http://www.ISAserver.org I had a similar situation trying to connect with the Nortel VPN client. As stated, NAT breaks AH so ISA Server is out if this is all you can get. However, Nortel was in the process of implementing support for a "UDP Wrapper" which basically wraps everything in UDP before sending it through the firewall and thus allows the packets to traverse a many-to-one NAT firewall. At the other end, it's just stripped down layer by layer. My knowledge of this subject is limited so I don't really know what was done on the Nortel side to make it all happen. To make this work for the client side, I opened up port 500 (Send Receive) UDP and port 10001 UDP (Send Receive). Port 10001 was the UDP port used to wrap everything in. Note again that support on the host side is required along with the appropriate VPN client in order for this to work so this is something you might inquire about from the VPN server vendor. Kevin. > -----Original Message----- > From: Daniel [mailto:drbohner@xxxxxxxxxxxxxxxxx] > Sent: March 1, 2002 5:21 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: VPN Client to Non-ISA VPN Network > > > http://www.ISAserver.org > > > OK, here's the fun. I am told: > > In/Out Port Protocol > In+Out 50 ESP > In+Out 51 AH > In+Out 500 UDP > Out 389 TCP > Out 709 TCP > Out 5080 TCP > > So, how do I configure the ESP and AH Protocols? > > Hmmm > > TIA > > Daniel > > -----Original Message----- > From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxx] > Sent: Friday, March 01, 2002 3:02 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: VPN Client to Non-ISA VPN Network > > http://www.ISAserver.org > > > Hi Daniel, > > new to ISA and you have already to solve this problem..... very good > luck > ;-) > > Now seriously, about which type of VPN are you talking: PPTP, > L2TP/IPSec, > IPSec, etc... You'll have to know the protocols and port numbers used > before > you can do anything on ISA. > > Regards, > Stefaan > > -----Original Message----- > From: Daniel [mailto:drbohner@xxxxxxxxxxxxxxxxx] > Sent: vrijdag 1 maart 2002 22:52 > To: [ISAserver.org Discussion List] > Subject: [isalist] VPN Client to Non-ISA VPN Network > > > http://www.ISAserver.org > > > Howdy, > > I am new to ISA - and thus still have a lot to learn(don't we all). > > My employer has supplied me with ATT Global Network Client software to > connect from home to the internal network. > > If I plug in - on the non-firewalled side of the Ether, I get > connected... But, if I plug in on the protected side(ISA between) I > cannot get connected. > > What do I need to look at - to allow the VPN software to go > through the > ISA Sever - in order to connect to the non-ISA VPN? > > Thanks in Advance! > > Daniel > > > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > stefaan.pouseele@xxxxxxx > To unsubscribe send a blank email to > $subst('Email.Unsub') > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > drbohner@xxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to > $subst('Email.Unsub') > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: kegan@xxxxxxxxx > To unsubscribe send a blank email to > $subst('Email.Unsub') > ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: drbohner@xxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')