If I understand correctly, Stefaan would like multiple IPsec connections by disabling the passthrough.. but that makes the devices block UDP 500.. and when negotiation starts on 500, it fails, therefore he'd like to start on 4500.. Is that a correct summary, Stefaan ? ________________________________ Van: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Verzonden: do 19-1-2006 15:29 Aan: [ISAserver.org Discussion List] Onderwerp: [isalist] RE: Windows XP SP2: start L2TP/IPSec IKE negotiation on UDP port 4500 instead of 500 http://www.ISAserver.org Hi Stefaan, I don't understand the problem. What's the difference if they start on 500 or 4500? Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxxxx] > Sent: Thursday, January 19, 2006 3:54 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Windows XP SP2: start L2TP/IPSec IKE > negotiation on UDP port 4500 instead of 500 > > http://www.ISAserver.org > > Hey guys, > > Is it possible to configure Windows XP SP2 to start the IKE > negotiation of a > L2TP/IPSec VPN connection directly on UDP port 4500 instead > of UDP port 500? > According to the RFC's this is a valid configuration. > > The reason for this question is that a lot of cheap sharing > devices limit > the number of IPSec connections to one because of their IPSec hack > implemention (aka IPSec passthough). If we switch off the > IPSec passthrough > setting in the sharing device then UDP port 500 is completely > blocked. > > Thanks, > Stefaan > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: paul.van.geldrop@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.