Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Anybody know about VPN with ISA Server between LAN and PIX?


I think we have a problem getting traffic in the VPN tunnel routed across the ISA Server, but I'm stuck. Can you help please?

The VPN Client3.5 makes a secure tunnel over the Internet with PIX506 (v.6.01) using Cisco VPN, and can ping the server outside interface, but it cannot reach the server inside interface on the LAN.

The server runs ISA Server 2000 between the two network cards, and, even with all IP Packet Filters and Protocol Rules set to allow all traffic, I cannot reach the LAN on the inside of the ISA server.

When the inside interface of the PIX was on the LAN it was all working, but we have added the ISA Server between the LAN and the PIX for easier control - and now SMTP mail in and out, and Internet and ftp out work, but VPN won't work. The PIX configuration is almost the same, still with the clients receiving addresses from the PIX ip local pool. There is no Microsoft VPN set up - I assume all traffic inside the tunnel should be just normal traffic. Routing?


Michael Burnford

Cisco Employee

Re: Anybody know about VPN with ISA Server between LAN and PIX?

If the ISA server is doing PAT, then that could be the issue. The pix does not yet support vpn clients when there is pat in the middle.


New Member

Re: Anybody know about VPN with ISA Server between LAN and PIX?

Many thanks, but I can't find anything about PAT in the ISA Server. It does talk about server publishing to make internal servers available to outside: maybe I need to look at that!



CreatePlease login to create content