RE: Upgraded to sbs2003 now Cisco VPN access fails on some id's



Hi Dave,

Thank you for posting in SBS newsgroup.

From the description, do you mean some user accounts can not establish the
VPN connection with the external Cisco 3005 concentrator using Cisco VPN
clients from inside the SBS 2003 network?

If so, based on my knowledge, the Cisco VPN client is a client-side
connection management program for Cisco VPN server. It uses L2TP/IPSec VPN
method. If it is not a Cisco Concentrator 3300, I'm afraid that you may not
be able to establish the VPN connection by using IPsec. As IPSec is
designed, it doesn't allow going through a firewall (NAT) to connect for
security reasons.

818043 L2TP/IPSec NAT-T Update for Windows XP and Windows 2000
http://support.microsoft.com/?id=818043

You may refer to the following KB article:

812076 How to enable a Cisco IPSec VPN client to connect to a Cisco VPN
concentrator through ISA Server 2000
http://support.microsoft.com/default.aspx?scid=kb;EN-US;812076

You can refer to the port usage described in the KB. For UDP ports 500 and
4500, we can use the pre-defined protocol definitions in ISA Server 2004
(IKE Client and IPSec NAT-T Client). For UDP port 10000, you may want to
create a new protocol definition for this. Please create a rule to allow
the three protocols from the internal network to external.

Please also make sure that the clients are running in SecureNAT mode. The
VPN pass-through would not work in firewall client method.

More info:
http://www.isaserver.org/articles/IPSec_Passthrough.html

Please understand that since this is a third-party VPN solution with
specific design, we cannot guarantee it will work fine with the ISA
firewall. You may also need to involve Cisco support in this issue.
Some settings on the VPN client or the server could also affect the VPN
connection through a firewall. Anyway, I will try my best to help you on
this issue.

I appreciate your time and I look forward to hearing from you.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

--------------------
| Thread-Topic: Upgraded to sbs2003 now Cisco VPN access fails on some id's
| From: "DaveR" <DaveR@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Upgraded to sbs2003 now Cisco VPN access fails on some id's
| Date: Tue, 7 Feb 2006 13:49:27 -0800
| Newsgroups: microsoft.public.windows.server.sbs
|
| I upgraded from SBS2000 to SBS2003. I have a Cisco 3005 concentrator for vpn
| access which worked on sbs2000. Now on some id's not all, the user cannot
| authenticate through the Cisco concentrator. I have applied SP1 for sbs2003.
| It does not make any difference in which groups a user is in, an admin
| account may not work but just a domain user will work. I can create a new
| user and it will work.
| Cisco says they are just passing the information through Kerberos to AD.
| thanks
|