RE: cisco vpn dialer (IPSEC)

  • From: "Jeffrey M. Butte" <jbutte@xxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 9 Nov 2001 21:59:24 -0600

Uh... no, he is not referring to the Firewall Service (and yes, that
will stop everything ;-).  He is referring to the Microsoft Firewall
Client Version installed on your client workstation.  Are your client
workstations utilizing that or are they SecureNAT clients (no client,
just a workstation set up with the ISA server IP as their gateway /
router address)?

I have only tested the Cisco VPN client with workstations set up as
SecureNAT clients.  From your message, everything looks good up until it
begins securing the communications channel.  That is the make or break
point.  Since yours is terminating right there, the indication would be
that the secure channel (tunnel) could not be established.

Let's get a point of reference to start troubleshooting this.  Can you
unplug your client from the internal network and put it outside the ISA
server on the internet?  Does it work from there?


-----Original Message-----
From: GT [mailto:torchetti@xxxxxxxxxxxx]
Sent: Friday, November 09, 2001 7:12 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: cisco vpn dialer (IPSEC)


That's a whole other story...
If I disable my client nothing works behind the firewall? Not sure why?
I am new to this ISA thing and that definitely doesn't help.

If I disable the FW service, that is the only way to make things work.



you> -----Original Message-----
you> From: David Elmquist [mailto:david@xxxxxxxxxx]
you> Sent: Friday, November 09, 2001 2:00 AM
you> To: [ISAserver.org Discussion List]
you> Subject: [isalist] RE: cisco vpn dialer (IPSEC)
you> 
you> 
you> 
you> If you have a Firewall client installed, try to disable that, and
you> connect again.
you> 
you>  David Elmquist
you> 
you> -----Original Message-----
you> From: GT [mailto:torchetti@xxxxxxxxxxxx] 
you> Sent: 9. november 2001 02:46
you> To: [ISAserver.org Discussion List]
you> Subject: [isalist] RE: cisco vpn dialer (IPSEC)
you> 
you> 
you> Well I am not getting that far.
you> I get the logon screen and I enter my username/password, and then
you> (last 3 lines after a short timeout)..
you> 
you> Initializing the connection...
you> Contacting the security gateway at 207.35.60.67...
you> Authenticating user...
you> Contacting the security gateway at 207.35.60.67...
you> Negotiating security policies...
you> Securing communication channel...
you> Remote peer terminated connection.
you> 
you> Isn't there a rule I can add that will allow everything?
you> Anyway I've been hammering away for a while and I am just about to
you> revert back to my Linux firewall??
you> 
you> Thanks for your help and if you have anything else to suggest, it will
you> be greatly appreciated.
you> 
you> 
you> you> -----Original Message-----
you> you> From: Jeffrey M. Butte
you> you> 
you> you> I assume you are getting a connection to your client behind ISA but it
you> you> is stopping there....  Configuring your client depends on if and how it
you> you> was customized.  The config may be different for everyone.
you> you> 
you> you> 1.)  Configure your client to use IPSEC through NAT Mode (general tab
you> you>      under properties)
you> you> 2.)  Connect the client to the Altiga box.
you> you> 3.)  Right click the client in the system tray and select status.
you> you> 4.)  Note the NAT port listed.
you> you> 5.)  Launch the ISA management console and create two protocol
you> you>      definitions:
you> you> 
you> you>            Port: 500
you> you>        Protocol: UDP
you> you>       Direction: SEND
you> you> 
you> you>            Port: <the one you noted>
you> you>        Protocol: UDP
you> you>       Direction: SEND
you> you> 
you> you> Give that a shot.
you> you> 
you> you> Jeff Butte
you> you> mailto:jbutte@xxxxxx
you> you> 
you> you> 
you> you> 
you> you>               
you> you> 
you> you> 
you> you> -----Original Message-----
you> you> From: GT [mailto:torchetti@xxxxxxxxxxxx]
you> you> Sent: Tuesday, November 06, 2001 7:54 PM
you> you> To: [ISAserver.org Discussion List]
you> you> Subject: [isalist] cisco vpn dialer (IPSEC)
you> you> 
you> you> 
you> you> 
you> you> I have a workstation needing to connect to an external vpn altiga box.
you> you> Anyone have any clue as to what filter to enable port/whatever to get
you> you> this working?
you> you> 
you> you> Thanks!
you> you> torchetti@xxxxxxxxxxxx
you> you> 