RE: Cisco VPN and IPSec through ISA
- From: v-edtian@xxxxxxxxxxxxxxxxxxxx (Edward Tian)
- Date: Thu, 20 Oct 2005 04:27:38 GMT
Dear Nic:

Thanks for posting here. Also many thanks for Tommy's input.

For different versions of the Cisco VPN software, different ports will be
used. If memory serves me well, some third-party VPN software needs to open
additional TCP or UDP ports such as UDP 10000, UDP 500 and UDP 4500. Since I
have limited knowledge of the Cisco VPN field, you may need to contact the
vendor for more detailed information. Thanks for your understanding!

However, I would still like to provide some information:

Here is a sample for opening UDP port 62515 on ISA 2000. (Port 62515
needs to be opened in some versions of the Cisco VPN client.)

To allow UDP port 62515 to pass through ISA2000, we need to do the following
steps:

Method 1: If the Cisco VPN client is installed on the internal workstations

1. Create a new protocol definition:
Open the ISA management console, navigate to Policy Elements\Protocol
Definitions, right click it and choose New->Definition, and then create the
following protocol definition:

   Port number: 62515
   Protocol type: UDP
   Direction: Send Receive
   Secondary Connections: No

2. Then create a new protocol rule:
Navigate to Access Policy\Protocol Rules, right click it and select
New->Rule. Create this new protocol rule as follows:

   Rule Name: Allow UDP port 62515
   Rule Action: Allow
   Protocols: the new protocol created before
   Apply the rule to: Any request

3. Navigate to Monitoring | Services and, in the right pane, restart the
Firewall Service.

Method 2: If the Cisco VPN Client is installed on the SBS Server itself

In this case, we can create a Packet Filter as you mentioned. To do so,
please perform the following steps:

1. Navigate to Access Policy | IP Packet Filters, right click it and select
New->Filter.

2. Create a new Packet Filter as follows:

   IP packet filter name: Allow UDP port 62515
   Filter Mode: Allow packet transmission
   Filter Type: Custom
   Filter Settings: UDP | Send receive (Note: NOT Receive send) | All ports (Local port) | Fixed port: 62515 (Remote port)
   Local Computer: Default IP addresses for each external interface on the ISA Server computer
   Remote Computers: All remote computers

3. Restart the Firewall Service.

More information:
Cisco VPN and Windows XP SP2
http://www.peterprovost.org/archive/2004/08/12/1754.aspx
Hope the above information helps.
Have a nice day!
Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
--------------------
| From: "GraemeR" <GraemeR@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Cisco VPN and IPSec through ISA
| Date: Wed, 19 Oct 2005 00:31:03 -0700
| Newsgroups: microsoft.public.windows.server.sbs
|
| I have Cisco VPN 4.6.04.0043 and I am trying to connect to a remote site
| through my SBS2003 premium network with ISA2000. Like others, I can get this
| to work when outside my SBS network (at home) and believe ISA is blocking
| communication. I have read a number of related articles here but cannot
| manage to understand what I need to update to let my request through ISA.
| Other posts here discuss what has to be added, without saying how to do it.
| I am at the level where I need explicit instructions.
|
| Could the instructions on this page be what I am after?
| http://support.microsoft.com/default.aspx?scid=kb;en-us;816514
|
.
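
Added example, not part of the original post and not ISA Server code: a small Python model of the Method 2 packet filter that replays constructed traffic to show why the reply insists on "Send receive" rather than "Receive send". It assumes the first word of the direction names the side allowed to send the first datagram; the class, function names and sample addresses are hypothetical.

```python
from dataclasses import dataclass, field

VPN_PORT = 62515  # remote UDP port named in the post


@dataclass
class UdpFilter:
    """Toy model of the Method 2 filter: UDP, any local port, fixed remote port."""
    direction: str                      # "send_receive" or "receive_send"
    remote_port: int = VPN_PORT
    flows: set = field(default_factory=set)

    def allow(self, pkt_dir, local_port, remote_ip, remote_port):
        if remote_port != self.remote_port:
            return False                # filter only covers the fixed remote port
        key = (local_port, remote_ip)
        # Assumption: the first word of the direction names who may start the exchange.
        opener = "out" if self.direction == "send_receive" else "in"
        if pkt_dir == opener:
            self.flows.add(key)         # remember the exchange so replies match
            return True
        return key in self.flows        # other direction passes only as a reply


# Constructed sample traffic (documentation addresses, not from the post):
# (direction seen at the external interface, local port, remote IP, remote port)
PACKETS = [
    ("out", 1050, "198.51.100.7", 62515),   # VPN client on the server sends first
    ("in",  1050, "198.51.100.7", 62515),   # peer's reply to that datagram
    ("in",  1051, "203.0.113.9",  62515),   # unsolicited datagram from another host
    ("out", 1052, "198.51.100.7", 500),     # different remote port, not covered
]


def replay(direction):
    f = UdpFilter(direction)
    return [f.allow(*p) for p in PACKETS]


if __name__ == "__main__":
    for d in ("send_receive", "receive_send"):
        print(d, replay(d))
```

Under this model, "Send receive" passes the client's exchange and drops the unsolicited inbound datagram, while "Receive send" drops the client's first datagram and accepts datagrams that any remote host initiates from port 62515.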