GRE over IPSec in ISA2004

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: "networkdude" <networkdude@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 18 May 2005 16:36:02 -0700

Hello,

Is GRE over IPSec possible with ISA 2004? I need to get a routing protocol
(Cisco EIGRP) through an existing ISA 2004 IPSec Tunnel.

The ISA log consistently reports "Failed connection attempt" for the GRE
traffic. All other traffic (ICMP, TCP, UDP) works fine through the IPSec
tunnel. The access rule includes GRE (IP protocol 47), and the failed
connections in the log correctly correlate to the GRE access rule.

I'm beginning to wonder if ISA is hardcoded to block GRE tunnels through it.
This same scenario works fine through an IPSec tunnel between 2 plain Win2k
servers (Local IPSec Policy).

Regards,

John
.

Prev by Date: Policy Elements - Blocking web sites
Next by Date: Re: Is there a tool or a report to view what's in Cache?
Previous by thread: Policy Elements - Blocking web sites
Next by thread: Re: Is there a tool or a report to view what's in Cache?
Index(es):
- Date
- Thread

Relevant Pages

Re: VPN between Concentrator & Router
... I actually recommend a slightly more complex solution using GRE ... Since IPSec tunnels don't support any routing protocols ... does pass through the IPSec tunnel. ...
(comp.dcom.sys.cisco)
Re: Site to Site VPN with SBS 2003 and ISA
... So for site to site the only mode supported by SBS 2003 using ISA is ... L2TP/IPsec and not IPsec tunnel? ... if the VPN client and the Netscreen VPN server both ... IPsec Tunnel mode should be working right? ...
(microsoft.public.windows.server.sbs)
Re: VPN connect error 691 help - new postings
... I did and now I get a VPN connection but it is limited and un authenticated. ... Based on the research of the main error message we received during the GRE ... please also enable ISA logging and reproduce this ... Clear the current existing W3C logs. ...
(microsoft.public.windows.server.sbs)
Re: ISA 06 PPTP VPN via NAT
... In fact, GRE packets are what is used to transfer the data, while the TCP connection is only used for command channels. ... A LOT of cheap/stupid equipment and admins are unaware of this fact - and then, for example, filter out GRE. ... If any of my users try and connect to a remote VPN server they recieve an error and the connection does not iniaite, I can see packets on port tcp/1723 leaving the box, none of the users are running the ISA firewall client. ... My ISP connection is just plain old ethernet with no pppoe just a static IP address, if I plug my laptop into it I can VPN no problems at all, my cisco PIX can also NAT PPTP connections out of it, I've even gone so far as rolling back to Windows 2003 & ISA 2004 with no success, formatted and started again a couple of times. ...
(microsoft.public.isa.vpn)
Re: SBS2000 to router IPSEC
... Follow this link and scroll down to the IPSEC section. ... If i stop ISA services, ... dinamicaly monitor the ISA server activity, ... Another thing wich i am not sure is if i have to create the IPsec policie ...
(microsoft.public.windows.server.sbs)