Solved

Cisco VPN client via ISA 2006

Posted on 2008-10-31
6
1,252 Views
Last Modified: 2013-11-16
I need to configure ISA 2006 to allow "Cisco VPN client" connections from Internal network to external destination. The connection will go from internal PC (XP Prof) through ISA and PIX to Internet.

I found some pages with "how to", e.g. http://www.elmajdal.net/ISAServer/How_To_Allow_Cisco_VPN_Client_To_Connect_Through_ISA_Server.aspx. I want to ask if this is enough or if there are some other steps that needs to be done / configured.
0
Comment
Question by:haldoxp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 500 total points
ID: 22854933
It works for me. Note the points at the bottom though.

You must be a SecureNAT presentation to the ISA - ie ISA is the default gateway for the client pc's.
You need to disable the ISA firewall client (if you have it installed plus disable the MS firewall on the PC.
0
 
LVL 3

Author Comment

by:haldoxp
ID: 22861773
Thanks. Will let you know the results on Tuesday.
0
 
LVL 3

Accepted Solution

by:
haldoxp earned 0 total points
ID: 22874848
After I configured ISA server according to the above web page the connection was blocked by default policy. In monitoring I saw "Unidentified IP Traffic" on port 10000. After a quick google search I found that I need to configure new Protocol definition for this port (TCP, outbound, port 10000) and put this new protocol definition into firewall rule.

Now the connection is working great. Thanks Keith.
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

 
LVL 3

Author Comment

by:haldoxp
ID: 22875714
One issue. It is working with "All Users", but when I set another group, the connection stops working. All members of this group cannot connect. Any idea?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22878592
Different question - no offence.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22909206
No problem here ; thanks :)
Keith
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question