RE: non-windows VPN Server behind ISA 2004 - revisited

  • From: "Crockett, Gregory" <Gregory.Crockett@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 13 Oct 2005 10:30:45 -0500

Jim,

This is from the switch doc:

The AP and secure switch communication uses the UDP 4500 port. When both
the switch and the AP are behind NAT devices, the AP is configured to
use the NAT device's public address as its master address. On the NAT
device, it is necessary to enable NAT-T (UDP port 4500 only) and forward
all packets to the public address of the NAT device on UDP port 4500 to
the Aruba Mobility Controller to ensure that the Remote AP bootstraps
successfully.


The VPN server is published as IPSec NAT-T Server without an internal
ISA server.  The wireless switch connects to ISA via Windows 2003/RRAS.

TIA

greg

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Thursday, October 13, 2005 9:03 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: non-windows VPN Server behind ISA 2004 -
revisited

http://www.ISAserver.org

ISA External to ISA internal == NAT.
IPSec + NAT == busted connection.

-----Original Message-----
From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] 
Sent: Thursday, October 13, 2005 5:22 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] non-windows VPN Server behind ISA 2004 - revisited

The VPN server is an Aruba Networks wireless switch.  The client, a remote
wireless access point (RAP), connects to the switch via an IPSec/L2TP
tunnel.  The logs of the switch indicate the tunnel completed; however,
ESP died in the process.  The wireless client can attach to the switch
across ISA internally -- not from the Internet.  ISA logs indicate the
RAP connects to the switch on port/protocol 4500/udp (IPSec NAT-T
Server).  When the RAP connects internally, ISA logs indicate
port/protocol (IPSec NAT-T Client).

TIA

greg

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.
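
An added diagnostic example, not part of the original thread or of any product discussed in it: it classifies UDP 4500 payloads by their RFC 3948 framing, so a capture taken on either side of the NAT device can show whether UDP-encapsulated ESP ever follows the IKE exchange. The sample payloads and all function names are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: four zero bytes precede IKE on UDP 4500
IKE_HEADER_LEN = 28                    # fixed ISAKMP/IKE header size

def classify(payload: bytes) -> str:
    """Classify one UDP/4500 payload by its RFC 3948 framing."""
    if payload == b"\xff":
        return "keepalive"             # NAT-keepalive is a single 0xFF octet
    if len(payload) < 8:
        return "malformed"
    if payload[:4] == NON_ESP_MARKER:
        return "ike" if len(payload) >= 4 + IKE_HEADER_LEN else "malformed"
    return "esp"                       # non-zero first four bytes are the ESP SPI

def esp_fields(payload: bytes):
    """Return (SPI, sequence number) of a UDP-encapsulated ESP packet."""
    return struct.unpack("!II", payload[:8])

def summarize(payloads):
    counts = {"ike": 0, "esp": 0, "keepalive": 0, "malformed": 0}
    for p in payloads:
        counts[classify(p)] += 1
    return counts

def diagnose(counts) -> str:
    if counts["ike"] and not counts["esp"]:
        return "IKE seen on UDP 4500 but no UDP-encapsulated ESP followed"
    if counts["esp"]:
        return "UDP-encapsulated ESP present"
    return "no IPSec NAT-T traffic seen"

# Constructed sample payloads (not taken from a real capture).
IKE_PKT = (NON_ESP_MARKER + b"\x11" * 8 + b"\x22" * 8
           + b"\x05\x10\x20\x01" + bytes(4) + struct.pack("!I", 28))
ESP_PKT = struct.pack("!II", 0xC0FFEE01, 7) + bytes(24)
SAMPLE_ESP_MISSING = [IKE_PKT, IKE_PKT, b"\xff"]   # negotiation only, no data
SAMPLE_HEALTHY = [IKE_PKT, ESP_PKT, b"\xff"]

if __name__ == "__main__":
    for name, sample in (("esp missing", SAMPLE_ESP_MISSING),
                         ("healthy", SAMPLE_HEALTHY)):
        print(name, summarize(sample), "->", diagnose(summarize(sample)))
```

If only IKE and keepalives appear on UDP 4500, check whether the data traffic is leaving as plain ESP (IP protocol 50) or being dropped at the NAT device.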

