Solved

Cisco VPN client via ISA 2006

Posted on 2008-10-31
6
1,206 Views
Last Modified: 2013-11-16
I need to configure ISA 2006 to allow "Cisco VPN client" connections from Internal network to external destination. The connection will go from internal PC (XP Prof) through ISA and PIX to Internet.

I found some pages with "how to", e.g. http://www.elmajdal.net/ISAServer/How_To_Allow_Cisco_VPN_Client_To_Connect_Through_ISA_Server.aspx. I want to ask if this is enough or if there are some other steps that needs to be done / configured.
0
Comment
Question by:haldoxp
  • 3
  • 3
6 Comments
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 500 total points
ID: 22854933
It works for me. Note the points at the bottom though.

You must be a SecureNAT presentation to the ISA - ie ISA is the default gateway for the client pc's.
You need to disable the ISA firewall client (if you have it installed plus disable the MS firewall on the PC.
0
 
LVL 3

Author Comment

by:haldoxp
ID: 22861773
Thanks. Will let you know the results on Tuesday.
0
 
LVL 3

Accepted Solution

by:
haldoxp earned 0 total points
ID: 22874848
After I configured ISA server according to the above web page the connection was blocked by default policy. In monitoring I saw "Unidentified IP Traffic" on port 10000. After a quick google search I found that I need to configure new Protocol definition for this port (TCP, outbound, port 10000) and put this new protocol definition into firewall rule.

Now the connection is working great. Thanks Keith.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 3

Author Comment

by:haldoxp
ID: 22875714
One issue. It is working with "All Users", but when I set another group, the connection stops working. All members of this group cannot connect. Any idea?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22878592
Different question - no offence.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22909206
No problem here ; thanks :)
Keith
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now