RE: VPN to a cisco VPN server that uses ipsec

  • From: "David Elmquist" <david@xxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 20 Mar 2002 23:39:19 +0100

All I`m saying is, that I use a Cisco Altiga client, capable of
encapsulating IPSEC in UDP, thus traversing NAT.
UDP encapsulation is not something that can be enabled - it has to
Be built in to the client/server. But I`m pretty sure major league
playes like Checkpoint does, or intend to support it.

 David Elmquist

-----Original Message-----
From: Greg Foulks [mailto:greg.foulks@xxxxxxxx] 
Sent: 20. marts 2002 23:24
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN to a cisco VPN server that uses ipsec

http://www.ISAserver.org


David,
I've been messing around with this for a couple of months now. I have a
client who moved to SmartPipes as there VPN provider. They
use IPSEC and have provided me a Client to use to connect with. Since I
am behind ISA I've not been able to connect from my PC
through ISA to my client because NAT and IPSEC do not play well
together.

What I've had to do was install a second NIC in my PC and disable my
local nic and enable my external nic (which has a public IP
assigned) this client that was given to me also has BlackIce so I use it
as a firewall.



Now---- You say that I can VPN from my PC through ISA to my Clients
IPSEC server if I encapsulate using UDP? How are you doing this?

Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: greg.foulks@xxxxxxxx
Voice: 614.318.5036
Fax: 614.318.5005


-----Original Message-----
From: David Elmquist [mailto:david@xxxxxxxxxx]
Sent: Wednesday, March 20, 2002 5:08 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN to a cisco VPN server that uses ipsec


http://www.ISAserver.org



Not entirely correct.
Client sitting behind a ISA server (being nat'd) is able to connect to a
VPN server through IPSEC, encapsulated in UDP. NAT still breaks IPSEC.
I use a VPN client configured as described.

 David Elmquist

-----Original Message-----
From: Greg Foulks [mailto:greg.foulks@xxxxxxxx]
Sent: 20. marts 2002 22:57
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN to a cisco VPN server that uses ipsec

http://www.ISAserver.org


So then are you saying that this can be done?

Client sitting behind a ISA server (being nat'd) is able to connect to a
VPN server through IPSEC?

Greg

-----Original Message-----
From: Carter, Elizabeth [mailto:ecarter@xxxxxxx]
Sent: Wednesday, March 20, 2002 2:00 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN to a cisco VPN server that uses ipsec


http://www.ISAserver.org


See the following site:

http://www.isaserver.org/cgi-bin/ultimatebb.cgi?ubb=forum;f=13

And specifically the following threads:

http://www.isaserver.org/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=13;t=000
326
http://www.isaserver.org/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=13;t=000
042

*****************************************
Elizabeth C. Carter
Director of Information Technology
Virginia Episcopal School
400 VES Road
Lynchburg, VA  24503
434-385-3665 office
434-385-3667 fax





-----Original Message-----
From: skip [mailto:skip@xxxxxxxxxxxxxxxxx]
Sent: Wednesday, March 20, 2002 1:12 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] VPN to a cisco VPN server that uses ipsec


http://www.ISAserver.org


I have setup ISA server to be able to allow incomming vpn
calls and outgoing vpn calls, and it works fine, now i
have clients on the internal network that need to vpn
into a cisco vpn server on a remote network that uses
ipsec. When the client tries to connect to the remote
network from behind ISA, it gets all the way to the point
where it says "Authenticating", and then it fails. Is
there anything i can do on my end to let these clients
authenticate with this cisco vpn server.

Thanks
.


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ecarter@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
greg.foulks@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
david@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
greg.foulks@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
david@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 03-2002