RE: Cisco Client Cannot Connect Outbound



Hi Bill,

Thank you for posting in SBS newsgroup.

From the description, I understand that you want to allow the internal
Cisco VPN clients to establish the VPN connection with the external VPN
server through Microsoft Internet Security and Acceleration (ISA) Server
2004. If I have misunderstood your concerns, please do not hesitate to let
me know.

Based on my knowledge, the Cisco VPN client is a client-side connection
management program for the Cisco VPN server. It uses the L2TP/IPSec VPN method. Is it a
Cisco Concentrator 3300? If not, I'm afraid that you may not be able to
establish the VPN connection by using IPsec. As IPSec is designed, it
doesn't allow going through a firewall (NAT) to connect for security
reasons.

818043 L2TP/IPSec NAT-T Update for Windows XP and Windows 2000
http://support.microsoft.com/?id=818043

If the remote VPN server is a Cisco Concentrator 3300, you may refer to the
following KB article:

812076 How to enable a Cisco IPSec VPN client to connect to a Cisco VPN
http://support.microsoft.com/?id=812076

You can refer to the port usage described in the KB. For UDP ports 500 and
4500, we can use the pre-defined protocol definitions in ISA Server 2004
(IKE Client and IPSec NAT-T Client). For UDP port 10000, you may want to
create a new protocol definition for this. Please create a rule to allow
the three protocols from the internal network to the external network.

Please also make sure that the clients are running in SecureNAT mode. The
VPN pass-through would not work with the Firewall Client method.

Please also run CEICW and select Enable firewall and then make sure Virtual
Private Networking (VPN) is selected in the Services Configuration page.

Related info:

http://www.isaserver.org/articles/IPSec_Passthrough.html

Please understand that since this is a third-party VPN solution, you may
also need to involve Cisco support in this issue. Some settings on
the VPN client or the server could also affect the VPN connection through a
firewall.

More information:

838245 How to permit PPTP clients to access the external network through ISA
http://support.microsoft.com/?id=838245

887006 When you use the ISA 2004 Firewall Client program, you cannot make a
http://support.microsoft.com/?id=887006

This response contains a reference to a Third party World Wide Web site.
You should know that Third party sites are not under the control of
Microsoft. Accordingly, Microsoft can make no representation concerning
the content of these sites. Microsoft is providing this information only
as a convenience to you. This is to inform you that Microsoft has not
tested any software or information found on these sites and therefore
cannot make any representations regarding the quality, safety, or
suitability of any software or information found there. There are inherent
dangers in the use of any software found on the Internet, and Microsoft
cautions you to make sure that you completely understand the risk before
retrieving any software on the Internet.

I hope the above information helps. If you have any questions or concerns,
please feel free to let me know. I look forward to your reply!

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Bill Glidden" <billyg1943@xxxxxxxxxxx>
| Subject: Cisco Client Cannot Connect Outbound
| Date: Mon, 6 Mar 2006 19:50:29 +1000
| Newsgroups: microsoft.public.windows.server.sbs
|
| Tidying up swing migration from SBS 200 to 2003 SP1 + ISA 2004 and have a
| problem with Cisco VPN client on the LAN being unable to connect to a remote
| site. I know the ports to use but I am unsure as to how I use CEICW to
| open them (assuming this is the problem). It used to work with the old
| server and the new server is the only change. Can someone please tell me
| how to do this?
|
|
|
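
Added example, not part of the original post and not Microsoft or Cisco code: one way to confirm that the access rule covers all three protocols named in the reply (UDP 500, 4500 and 10000) is to audit firewall log records for the VPN server's address. The CSV layout, the IP addresses and the function names are assumptions made for this sketch; it is not ISA Server's native log format.

```python
import csv
import io

# The three protocols the reply says must be allowed from internal to external.
REQUIRED = {
    ("UDP", 500): "IKE Client",
    ("UDP", 4500): "IPSec NAT-T Client",
    ("UDP", 10000): "Custom definition (UDP 10000)",
}

# Constructed sample log in a simplified CSV layout (assumed, not ISA's format).
SAMPLE_LOG = """\
time,src_ip,dst_ip,proto,dst_port,action
09:50:01,192.168.16.20,203.0.113.10,UDP,500,Allowed
09:50:02,192.168.16.20,203.0.113.10,UDP,4500,Allowed
09:50:03,192.168.16.20,203.0.113.10,UDP,10000,Denied
09:50:04,192.168.16.21,203.0.113.10,UDP,500,Denied
09:50:05,192.168.16.20,198.51.100.7,TCP,443,Allowed
"""


def audit_vpn_passthrough(log_text, vpn_server):
    """Return {client_ip: {protocol_name: 'Allowed' | 'Denied' | 'Not seen'}}."""
    status = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["dst_ip"] != vpn_server:
            continue  # traffic to other hosts is irrelevant to this tunnel
        key = (row["proto"].upper(), int(row["dst_port"]))
        if key not in REQUIRED:
            continue
        client = status.setdefault(
            row["src_ip"], {name: "Not seen" for name in REQUIRED.values()}
        )
        # Once a denial is recorded for a protocol it is kept, so a blocked
        # attempt anywhere in the log window is always reported.
        if client[REQUIRED[key]] != "Denied":
            client[REQUIRED[key]] = row["action"]
    return status


def blocked_clients(status):
    """Map each client with a denied required protocol to the protocol names."""
    return {
        ip: sorted(name for name, state in protos.items() if state == "Denied")
        for ip, protos in status.items()
        if "Denied" in protos.values()
    }


if __name__ == "__main__":
    print(blocked_clients(audit_vpn_passthrough(SAMPLE_LOG, "203.0.113.10")))
```

A "Not seen" result for a protocol means the client never attempted that transport in the log window, which is expected when the client and server negotiate only one of the UDP encapsulations.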
