Uh... no, he is not referring to the Firewall Service (and yes, that will stop everything ;-). He is referring to the Microsoft Firewall Client Version installed on your client workstation. Are your client workstations utilizing that or are they SecureNAT clients (no client, just a workstation setup with the ISA server IP as their gateway / router address). I have only tested the Cisco VPN client with workstations setup as SecureNAT clients. From your message, everything looks good up until it begins securing the communications channel. That is the make or break point. Since yours it terminating right there, the indication would be that the secure channel (tunnel) could not be established). Lets get point of reference to start troubleshooting this. Can you unplug your client from the internal network and put outside the ISA server on the internet? Does it work from there? -----Original Message----- From: GT [mailto:torchetti@xxxxxxxxxxxx] Sent: Friday, November 09, 2001 7:12 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: cisco vpn dialer (IPSEC) That's a whole other story... If I disable my client nothing works behind the firewall? Not sure why? I am new to this ISA thing and that definitly doesn't help. If I disable the FW service, that is the only way to make things work. you> -----Original Message----- you> From: David Elmquist [mailto:david@xxxxxxxxxx] you> Sent: Friday, November 09, 2001 2:00 AM you> To: [ISAserver.org Discussion List] you> Subject: [isalist] RE: cisco vpn dialer (IPSEC) you> you> you> http://www.ISAserver.org you> you> you> you> If you have a Firewall client installed, try to disable that, and you> connect again. you> you> David Elmquist you> you> -----Original Message----- you> From: GT [mailto:torchetti@xxxxxxxxxxxx] you> Sent: 9. november 2001 02:46 you> To: [ISAserver.org Discussion List] you> Subject: [isalist] RE: cisco vpn dialer (IPSEC) you> you> you> Well I am not getting that far. you> I get the logon screen and I enter my username/password, you> and then (last you> 3 lines after a short timeout).. you> you> Initializing the connection... you> Contacting the security gateway at 207.35.60.67... Authenticating you> user... Contacting the security gateway at 207.35.60.67... you> Negotiating you> security policies... Securing communication channel... Remote peer you> terminated connection. you> you> Isn't there a rule I can add that will allow everything? you> Anyway I've been hammering away for a while and I am just about to you> revert back to my Linux firewall?? you> you> Thanks for your help and if you have anything else to you> suggest, it will you> be greatly appreciated. you> you> you> you> -----Original Message----- you> you> From: Jeffrey M. Butte you> you> you> you> I assume you are getting a connection to your client you> you> behind ISA but it you> you> is stopping there.... Configuring your client depends on you> you> if and how it you> you> was customized. The config may be different for everyone. you> you> you> you> 1.) Configure your client to use IPSEC through NAT Mode you> you> (general tab you> you> under properties) you> you> 2.) Connect the client to the Altiga box. you> you> 3.) Right click the client in the system tray and you> select status. you> you> 4.) Note the NAT port listed. you> you> 5.) Launch the ISA management console and create two protocol you> you> definitions: you> you> you> you> Port: 500 you> you> Protocol: UDP you> you> Direction: SEND you> you> you> you> Port: <the one you noted> you> you> Protocol: UDP you> you> Direction: SEND you> you> you> you> Give that a shot. you> you> you> you> Jeff Butte you> you> mailto:jbutte@xxxxxx you> you> you> you> you> you> you> you> you> you> you> you> you> you> -----Original Message----- you> you> From: GT [mailto:torchetti@xxxxxxxxxxxx] you> you> Sent: Tuesday, November 06, 2001 7:54 PM you> you> To: [ISAserver.org Discussion List] you> you> Subject: [isalist] cisco vpn dialer (IPSEC) you> you> you> you> you> you> http://www.ISAserver.org you> you> you> you> you> you> I have a workstation needing to connect to an external vpn you> you> altiga box. you> you> Anyone have any clue as to what filter to enable you> you> port/whatever to get you> you> this you> you> working? you> you> you> you> Thanks! you> you> torchetti@xxxxxxxxxxxx you> you> you> you> ------------------------------------------------------ you> you> You are currently subscribed to this ISAserver.org you> you> Discussion List as: you> you> jbutte@xxxxxx you> you> To unsubscribe send a blank email to you> you> $subst('Email.Unsub') you> you> you> you> you> you> ------------------------------------------------------ you> you> You are currently subscribed to this ISAserver.org you> you> Discussion List as: torchetti@xxxxxxxxxxxx you> you> To unsubscribe send a blank email to you> you> $subst('Email.Unsub') you> you> ------------------------------------------------------ you> You are currently subscribed to this ISAserver.org you> Discussion List as: torchetti@xxxxxxxxxxxx you> To unsubscribe send a blank email to you> $subst('Email.Unsub')