Re: Cisco Client Cannot Connect Outbound
- From: v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li")
- Date: Tue, 07 Mar 2006 10:26:29 GMT
Hi Bill,
Thanks for your update.
As I know, ISA Server 2004 supports a more secure way of communication
between the Firewall client and ISA Server. So you may need to configure
the protocol definition for the third party VPN access.
Fro more information regarding ISA 2004, you may need to refer the
following documents:
What's New and Improved in ISA Server 2004
http://www.microsoft.com/isaserver/evaluation/whatsnew.asp
ISA Server 2004 Performance Best Practices
http://www.microsoft.com/technet/prodtechnol/isa/2004/performancebestpractic
es.mspx
ISA Server 2004 Quick Start Guide
http://download.microsoft.com/download/3/7/b/37b0cbc4-e578-4082-a779-de4fbe8
76f06/ISA2004SE_quickstartguide-Rev%201%2003.doc
ISA Server 2004 ISA Server 2004 Configuration Guide
http://download.microsoft.com/download/3/7/b/37b0cbc4-e578-4082-a779-de4fbe8
76f06/ISA2004SE_configguide-Rev%201%2003.doc
ISA Server 2004 Product Documentation
http://download.microsoft.com/download/5/a/e/5ae686f4-c4a6-4213-bc50-abc46b0
714dc/isa.chm
ISA 2004 Guidance
http://www.microsoft.com/isaserver/techinfo/guidance/2004/default.mspx
ISA 2004 best practices, Tips and Tricks:
http://www.isaserver.org/tutorials/2004bestpractices-p1.html
Thanks for your time and I look forward to hearing from you.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Bill Glidden" <billyg1943@xxxxxxxxxxx>
| References: <#v1KoNQQGHA.3460@xxxxxxxxxxxxxxxxxxxx>
<ldL1xZZQGHA.6504@xxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Cisco Client Cannot Connect Outbound
| Date: Tue, 7 Mar 2006 19:03:56 +1000
| Lines: 146
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| Message-ID: <u#NrSYcQGHA.1556@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: cpe-61-9-218-244.qld.bigpond.net.au 61.9.218.244
| Path: TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
| Xref: TK2MSFTNGXA03.phx.gbl microsoft.public.windows.server.sbs:250085
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi Crina,
|
| This was working previously on SBS 2000 + ISA 2000 which was relaced the
SBS
| 2003 + ISA 2004. Are you telling me that ISA 2004 is fundamentally
| different to ISA 2000? I hope not or my client will not be happy.
|
| Regards,
| Bill
|
| ""Crina Li"" <v-crinal@xxxxxxxxxxxxxxxxxxxx> wrote in message
| news:ldL1xZZQGHA.6504@xxxxxxxxxxxxxxxxxxxxxxxx
| > Hi Bill,
| >
| > Thank you for posting in SBS newsgroup.
| >
| > From the description, I understand that you want to allow the internal
| > Cisco VPN clients to establish the VPN connection with the external VPN
| > server through Microsoft Internet Security and Acceleration (ISA) Server
| > 2004. If I have misunderstood your concerns, please do not hesitate to
let
| > me know.
| >
| > Based on my knowledge, the Cisco VPN client is a client side connection
| > manage program for Cisco VPN server. It uses L2TP/IPSec VPN method. Is
it
| > a
| > Cisco Concentrator 3300? If not, I'm afraid that you may not be able to
| > establish the VPN connection by using IPsec. As IPSec is designed, it
| > doesn't allow going through a firewall (NAT) to connect for security
| > reasons.
| >
| > 818043 L2TP/IPSec NAT-T Update for Windows XP and Windows 2000
| > http://support.microsoft.com/?id=818043
| >
| > If the remote VPN server is a Cisco Concentrator 3300, you may refer to
| > the
| > following KB article:
| >
| > 812076 How to enable a Cisco IPSec VPN client to connect to a Cisco VPN
| > http://support.microsoft.com/?id=812076
| >
| > You can refer to the port usage described in the KB. For UDP port 500
and
| > 4500, we can use the pre-defined protocol definitions in ISA server 2004
| > (IKE Client and IPSec NAT-T Client). For UDP port 10000, you may want to
| > create a new protocol definition for this. Please create a rule to allow
| > the three protocols from internal network to external.
| >
| > Please also make sure that the clients are running in SecureNAT mode.
The
| > VPN pass-through would not work in firewall client method.
| >
| > Please also run CEICW and select Enable firewall and then make sure
| > Virtual
| > Private Networking (VPN) is selected in the Services Configuration page.
| >
| > Related info:
| >
| > http://www.isaserver.org/articles/IPSec_Passthrough.html
| >
| > Please understand that since this is a third-party VPN solution, you may
| > also need to involve the Cisco support into this issue. Some settings on
| > the VPN client or the server could also affect the VPN connection
through
| > a
| > firewall.
| >
| > More information:
| >
| > 838245 How to permit PPTP clients to access the external network
through
| > ISA
| > http://support.microsoft.com/?id=838245
| >
| > 887006 When you use the ISA 2004 Firewall Client program, you cannot
make
| > a
| > http://support.microsoft.com/?id=887006
| >
| > This response contains a reference to a Third party World Wide Web site.
| > You should know that Third party sites are not under the control of
| > Microsoft. Accordingly, Microsoft can make no representation concerning
| > the content of these sites. Microsoft is providing this information
only
| > as a convenience to you. This is to inform you that Microsoft has not
| > tested any software or information found on these sites and therefore
| > cannot make any representations regarding the quality, safety, or
| > suitability of any software or information found there. There are
| > inherent
| > dangers in the use of any software found on the Internet, and Microsoft
| > cautions you to make sure that you completely understand the risk before
| > retrieving any software on the Internet.
| >
| > I hope the above information helps. If you have any questions or
concerns,
| > please feel free to let me know. I look forward to your reply!
| >
| > Best regards,
| >
| > Crina Li (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
| > the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
| > doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| >
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| > --------------------
| > | From: "Bill Glidden" <billyg1943@xxxxxxxxxxx>
| > | Subject: Cisco Client Cannot Connect Outbound
| > | Date: Mon, 6 Mar 2006 19:50:29 +1000
| > | | Newsgroups: microsoft.public.windows.server.sbs
| > | |
| > | Tidying up swing migration from SBS 200 to 2003 SP1 + ISA 2004 and
have
| > a
| > | problem with Cisco VPN client on the LAN being unable to connect to a
| > remote
| > | site. I know the ports to use but I am unsure as to how I use CEICW
to
| > | open them (assuming this is the problem). It used to work with the
old
| > | server and the new server is the only change. Can someone please
tell
| > me
| > | how to do this?
| > |
| > |
| > |
| >
|
|
|
.
- Follow-Ups:
- Re: Cisco Client Cannot Connect Outbound
- From: Bill Glidden
- Re: Cisco Client Cannot Connect Outbound
- References:
- Cisco Client Cannot Connect Outbound
- From: Bill Glidden
- RE: Cisco Client Cannot Connect Outbound
- From: "Crina Li"
- Re: Cisco Client Cannot Connect Outbound
- From: Bill Glidden
- Cisco Client Cannot Connect Outbound
- Prev by Date: Re: Windows SBS Server display issue
- Next by Date: RE: Folder Redirection suddenly want to sync to "administrator"
- Previous by thread: Re: Cisco Client Cannot Connect Outbound
- Next by thread: Re: Cisco Client Cannot Connect Outbound
- Index(es):
Relevant Pages
|
Loading
