Cisco VPN Client --> ISA server --> PIX/Concentrator
I am tring to configure ISA to allow a Cisco VPN client to connect through to a VPN concentrator/PIX
The Client is a secure NAT client i.e. has the ISA server as its DG. The ISA server has two NIC's, one connected to the Internet and one to the LAN. I have created a definition for UDP/500 and UDP/4500 (both send/receive) but it will not connect. The client is 4.0.2B. Other applications like messenger and ICQ connect ok so the secure NAT is working but when I sniff the traffic (everything is on one hub) When the VPN client tries to connect the ISA server does not make any requests on behalf of the client, its as if it is ignoring the client (other apps work though)
Re: Cisco VPN Client --> ISA server --> PIX/Concentrator
I found this page here --> http://www.tacteam.net/isaserverorg/vpnkitbeta2/nat-t-packetfilters.htm describes how to let external L2TP/IPSec clients that are located behind NAT based firewalls to connect to your ISA Server firewall/VPN server -- but my situation is more like yours was -- I have a client behind an ISA server just just needs to use the cicso client to authenticate to a diff site that has a cicso firewall (not sure what kind - the admin really isn't cooperating) Could you give me some specifics on how exactly you got yours working? I followed that page I referenced but I wasn't for sure if I should have the packet filters for inbound receive/send or send/receive. Also didn't know if I should apply the packet filter to the default IP on the adapter or to my subnet of computers..? Please help!?! Am I even going in the right direction?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...