Re: cisco vpn and ISA 2004




Hi ROL,
Two things they need to do:

1. NOT use TCP
2. Allow source port for the IKE to be an ephemeral port
Both are part of the NAT-T RFC
HTH,
--
Tom
Get your questions answered at:
http://forums.isaserver.org
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
FACT: Firewalls need at least two interfaces -- put a second NIC in that ISA
firewall!


"ROL" <ROL@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BC243878-0D97-4BD2-81FE-60D26715078C@xxxxxxxxxxxxxxxx
: Thanks for your response. However, I am not sure that the VPN server
: operator is requiring TCP. I only had to open UDP ports. With that said, it
: does not work and it is possible that I need to open a TCP port. But I am
: not sure how to find out.
:
: Any suggestions on how to resolve this issue from the ISA side?
:
: "Thomas W Shinder [MVP]" wrote:
:
: > Hi ROL,
: > Tell the VPN server operator that it's very bad to require TCP for NAT-T
: > connections, and that they need to be RFC compliant for the IKE.
: > HTH,
: > --
: > Tom
: > Get your questions answered at:
: > http://forums.isaserver.org
: > Get the book!
: > Tom and Deb Shinder's Configuring ISA Server 2004
: > http://tinyurl.com/3xqb7
: > MVP -- ISA Firewalls
: > FACT: Firewalls need at least two interfaces -- put a second NIC in that ISA
: > firewall!
: >
: >
: > "ROL" <ROL@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
: > news:557C33CC-AB6B-44D3-8EE5-B5CB923E7ADF@xxxxxxxxxxxxxxxx
: > : Greetings,
: > :
: > : I am trying to connect to an external network via a cisco vpn client. I am
: > : behind an ISA 2004 server. I have:
: > :
: > : 1. I have created protocol definitions to allow ports 500/UDP, 2746/UDP,
: > : 4500/UDP, 10000/UDP and 20000/UDP.
: > : 2. I enabled these ports by creating an access policy and applying it to any
: > : request.
: > :
: > : When I try to make the cisco vpn connection I get an error: "Secure VPN
: > : Connection terminated locally by Client. Reason 412: The remote peer is no
: > : longer responding."
: > :
: > : Any suggestions?
: > :
: > : Thanks!
: > :
: > : ROL
: >
: >
: >


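The two NAT-T points in the reply above (UDP only, and an IKE source port that NAT has rewritten to an ephemeral value) can be checked against a capture taken on the far side of the firewall. The following is an added example, not code from any poster in this thread; it goes beyond the thread by also recognising the UDP 4500 encapsulation from RFC 3947/3948, and the function names and sample packets are constructed for illustration.

```python
import struct

IKE_PORT, NATT_PORT = 500, 4500
NON_ESP_MARKER = bytes(4)      # four zero bytes prefix IKE on UDP 4500
IKE_HEADER_LEN = 28            # cookies(16) + 4 one-byte fields + msg id + length

def _is_ike(data):
    """True if data starts with a plausible IKEv1 header of matching length."""
    if len(data) < IKE_HEADER_LEN:
        return False
    version, _exch, _flags, _msgid, length = struct.unpack("!17xBBBII", data[:28])
    return version >> 4 == 1 and length == len(data)

def classify(proto, sport, dport, payload):
    """Return (kind, source_port_translated) for one client-to-gateway packet
    as the gateway sees it, i.e. after the firewall's NAT."""
    if proto != "udp":
        kind = "not-nat-t"                 # NAT-T is carried over UDP only
    elif dport == IKE_PORT:
        kind = "ike-500" if _is_ike(payload) else "malformed"
    elif dport == NATT_PORT:
        if payload == b"\xff":
            kind = "nat-keepalive"
        elif payload[:4] == NON_ESP_MARKER:
            kind = "ike-4500" if _is_ike(payload[4:]) else "malformed"
        elif len(payload) >= 8:
            kind = "esp-in-udp"            # non-zero SPI, then sequence number
        else:
            kind = "malformed"
    else:
        kind = "not-nat-t"
    # NAT rewrites the source port; a compliant peer accepts any value here.
    translated = kind != "not-nat-t" and sport not in (IKE_PORT, NATT_PORT)
    return kind, translated

def sample_ike():
    """Constructed IKEv1 Main Mode header with no payloads (not a capture)."""
    return b"\x11" * 8 + bytes(8) + struct.pack("!BBBBII", 0, 0x10, 2, 0, 0, 28)

if __name__ == "__main__":
    packets = [  # constructed samples; 61001/61002 are NAT-assigned ports
        ("udp", 61001, 500, sample_ike()),
        ("udp", 61002, 4500, NON_ESP_MARKER + sample_ike()),
        ("udp", 61002, 4500, b"\xff"),
        ("udp", 61002, 4500, struct.pack("!II", 0x1234ABCD, 1) + bytes(16)),
        ("tcp", 61003, 10000, b""),
    ]
    for p in packets:
        print(p[:3], classify(*p))
```

A gateway that only answers the packets where `source_port_translated` is false is enforcing a fixed source port, which is the behaviour the reply says has to change.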