VPN over NAT through ISA server

From: christy (christyeliask_at_yahoo.com)
Date: 06/02/04


Date: Tue, 1 Jun 2004 23:55:04 -0700

Hello All,

Thank you for your kind information.

Our company scenario is like this:

ISA 2000 server with SP1
One of our local users wants to connect to a different
network which is located somewhere else in Europe.

These are the steps I have done in my organisation, and it
is working fine.

Create the Protocol Definitions

Create the new custom protocols to enable the transparent
tunneling feature. To do so, follow these steps:

1) Start the ISA Management snap-in. To do so, click
Start, point to Programs, point to Microsoft ISA Server,
and then click ISA Management.
2) Under Policy Elements, locate the Protocol Definitions
container.
3) Right-click Protocol Definitions, point to New, and
then click Definition.
4) In the Protocol definition name box, type a descriptive
name for the definition (for example, type Port 500 UDP
Send Receive), and then click Next.
5) In the Port number box, type 500. In the Protocol type
list, click UDP. In the Direction list, click Send Receive
(do not click Receive Send), and then click Next.
6) Under Do you want to use Secondary connections?, click
No, and then click Next.
7) Confirm your settings, and then click Finish.
8) In the left pane, right-click Protocol Definitions,
point to New, and then click Definition.
9) In the Protocol definition name box, type a descriptive
name for the definition (for example, type Port 4500 UDP
Send Receive), and then click Next.
10) In the Port number box, type 4500. In the Protocol
type list, click UDP. In the Direction list, click Send
Receive (do not click Receive Send), and then click Next.
11) Under Do you want to use Secondary connections?, click
No, and then click Next.
12) Confirm your settings, and then click Finish.
The new custom protocols are listed in the right pane
under Available Protocols.

Create a Protocol Rule

Create a protocol rule to allow access using the new
custom protocols that you created. To do so, follow these
steps:

1) Start the ISA Management snap-in. To do this, click
Start, point to Programs, point to Microsoft ISA Server,
and then click ISA Management.
2) Under Access Policy, locate the Protocol Rules
container.
3) Right-click Protocol Rules, point to New, and then
click Rule.
4) In the Protocol rule name box, type a name for the rule
(for example, type Allow Cisco IPSec VPN Client), and then
click Next.
5) Click Allow, and then click Next.
6) In the Apply this rule to list, click Selected
protocols.
7) In the Protocols list, click to select the check boxes
that correspond to the three custom protocols that you
created earlier, and then click Next.
8) In the Use this schedule list, click the schedule that
you want to use when allowing these protocols (for
example, click Work hours), and then click Next.
9) Under Apply the rule to requests from, click Any
request (unless you want to restrict these protocols to
certain client address sets), and then click Next.
10) Confirm the configuration selections, and then click
Finish.

The new protocol rule is listed under Available Protocol
Rules in the right pane.
 
Create Site and contents Rules in place allowing access to
the destination VPN gateway.
To do so, follow these steps:
1) Start the ISA Management snap-in. To do this, click
Start, point to Programs, point to Microsoft ISA Server,
and then click ISA Management.
2) Under Access Policy, locate the Site and content
rules.
3) Right-click Site and content rules, point to New, and
then click Rule.
4) In the Protocol rule name box, type a name for the rule
(for example, type your company name or anything), and
then click Next.
5) Click Allow, and then click Next.
6) Click Custom, and then click Next.
7) In the Destination sets box, select All destinations,
and then click Next.
8) In the Schedule box, select Always (you can select
whichever option your requirement needs).
9) In the Client type box, click Any request, and then
click Next.
10) In the Content Groups box, click Any content type, and
then click Next.
11) Confirm the configuration selections, and then click
Finish.
The new Site and Content Rule is listed under Available
Rules in the right pane.

Client side configuration to work with ISA server

1) Change the default gateway address to the firewall IP
address (e.g. 12.12.12.12).
2) In the IPSec VPN client software's server name field, you
must give the IP address (e.g. 124.12.12.123) instead of the
server's name (microsoft.com).
3) The Firewall Client must be disabled.
4) If connected to (microsoft.com), the proxy setting must be
disabled in the Internet Explorer settings for internet
browsing.

Best regards, Christy Elias

>-----Original Message-----
>Hi all,
>
>I am facing a problem in my ISA server.
>
>One user wants to connect to a network which is located
>somewhere else in Europe, using IPSec VPN client software
>through an ISA 2000 server. This server is acting as proxy as
>well as firewall for our LAN. Following the documents on the
>Microsoft website I have enabled UDP ports
>4500, 500 and 10000, but nothing has improved in that part. Do
>you have any idea how I handle this situation?
>
>Thanks in advance
>
>Best regards, Christy.
>
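
As an added illustration (not part of Christy's post and not ISA code), the following Python models the protocol definitions and protocol rule the steps above build, and checks that an outbound IPsec VPN client (IKE on UDP 500, NAT-T on UDP 4500) would actually be let through, flagging the mistakes the steps warn about: a definition created as Receive Send instead of Send Receive, or a definition that no Allow rule selects. The dataclasses, function names and the rule semantics are assumptions made for the model.

```python
from dataclasses import dataclass, field
# Constructed model of ISA 2000 policy elements (not ISA's own API).
@dataclass(frozen=True)
class ProtocolDefinition:
    name: str
    port: int
    proto: str      # "UDP" or "TCP"
    direction: str  # "Send Receive" = outbound, replies allowed; "Receive Send" = inbound
@dataclass
class ProtocolRule:
    name: str
    action: str                                  # "Allow" or "Deny"
    protocols: set = field(default_factory=set)  # names of the selected definitions

# What an IPsec VPN client behind NAT needs outbound: IKE (500) and NAT-T (4500).
VPN_CLIENT_NEEDS = {("UDP", 500), ("UDP", 4500)}
def allowed_outbound(definitions, rules):
    """(proto, port) pairs that some Allow rule lets internal clients send out."""
    by_name = {d.name: d for d in definitions}
    out = set()
    for rule in rules:
        for name in (rule.protocols if rule.action == "Allow" else ()):
            d = by_name.get(name)
            # A "Receive Send" definition is inbound only; it does not let the client out.
            if d is not None and d.direction == "Send Receive":
                out.add((d.proto, d.port))
    return out

def check_outbound_vpn(definitions, rules):
    """List reasons the VPN client would be blocked; an empty list means it gets out."""
    permitted = allowed_outbound(definitions, rules)
    problems = []
    for proto, port in sorted(VPN_CLIENT_NEEDS):
        if (proto, port) in permitted:
            continue
        same = [d for d in definitions if (d.proto, d.port) == (proto, port)]
        if any(d.direction != "Send Receive" for d in same):
            problems.append(f"{proto} {port}: definition exists but direction is not Send Receive")
        elif same:
            problems.append(f"{proto} {port}: definition exists but no Allow rule selects it")
        else:
            problems.append(f"{proto} {port}: no protocol definition")
    return problems

# The configuration the post builds, as constructed sample data.
GOOD_DEFS = [ProtocolDefinition("Port 500 UDP Send Receive", 500, "UDP", "Send Receive"),
             ProtocolDefinition("Port 4500 UDP Send Receive", 4500, "UDP", "Send Receive")]
GOOD_RULES = [ProtocolRule("Allow Cisco IPSec VPN Client", "Allow",
                           {"Port 500 UDP Send Receive", "Port 4500 UDP Send Receive"})]
```

Running `check_outbound_vpn(GOOD_DEFS, GOOD_RULES)` returns an empty list for the configuration in the post; swapping a definition's direction to Receive Send or dropping the protocol rule reports which port is blocked and why.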


