VPN pass-through Cisco 1721 to ISA 2004

Posted on 2006-04-28
Last Modified: 2013-11-16
I need to provide a client VPN solution for my users who are traveling.

I currently have a Cisco 1721 router that sits on the perimeter.  This router provides Hardware Site-to-Site VPN connections to our branch offices.  It is my understanding that there are no client VPN options that can be used with the Cisco 1721.  At least I haven’t been able to find any.

I also have a single-homed ISA 2004 server sitting behind the Cisco 1721 that I use for Outlook Web Access (OWA) connections.  The ISA server is not part of my domain and is just in its own little “workgroup”.

How do I go about setting up client VPN connections to the ISA 2004 server that is sitting behind the Cisco 1721 router?  I am assuming that my users would use the Windows VPN client that is built into Windows XP.

All examples that I have been able to find for ISA 2004 assume that it is on the perimeter and is multi-homed.


Question by:BillBrosius
    LVL 20

    Accepted Solution

    >It is my understanding that there are no client VPN options that can be used with the Cisco 1721.
      Actually it can.  A router can have simultaneous client VPN connections as well as a site-to-site VPN.  Below is an example URL for configuring a router for both site-to-site & client VPN with IPSec:

    But, if you really want to allow PPTP VPN through the router to the internal Windows server, you'll need to allow the following inbound to the server (as well as outbound from this server):
      TCP port 1723
      GRE protocol

    LVL 20

    Expert Comment

    Do you still need help with this?

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Some time ago I was asked to set up a web portal PC to put at our entrance. When customers arrive, they could see a webpage 'promoting' our company. So I tried to set up a windows 7 PC as a kiosk PC.......... I will spare you all the annoyances I…
    If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now