Solved

Cisco VPN client via ISA 2006

Posted on 2008-10-31
Last Modified: 2013-11-16
I need to configure ISA 2006 to allow "Cisco VPN client" connections from the Internal network to an external destination. The connection will go from an internal PC (XP Prof) through ISA and PIX to the Internet.

I found some pages with "how to", e.g. http://www.elmajdal.net/ISAServer/How_To_Allow_Cisco_VPN_Client_To_Connect_Through_ISA_Server.aspx. I want to ask if this is enough or if there are some other steps that need to be done / configured.
Question by:haldoxp
6 Comments
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 500 total points
ID: 22854933
It works for me. Note the points at the bottom though.

You must be a SecureNAT presentation to the ISA, i.e. ISA is the default gateway for the client PCs.
You need to disable the ISA firewall client (if you have it installed) plus disable the MS firewall on the PC.
0
 
LVL 3

Author Comment

by:haldoxp
ID: 22861773
Thanks. Will let you know the results on Tuesday.
0
 
LVL 3

Accepted Solution

by:
haldoxp earned 0 total points
ID: 22874848
After I configured the ISA server according to the above web page, the connection was blocked by the default policy. In monitoring I saw "Unidentified IP Traffic" on port 10000. After a quick Google search I found that I need to configure a new Protocol definition for this port (TCP, outbound, port 10000) and put this new protocol definition into the firewall rule.

Now the connection is working great. Thanks Keith.
0
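The troubleshooting step from the accepted solution (finding denied "Unidentified IP Traffic" in monitoring, then defining a protocol for that port), as an added example that is not part of the original thread. The log layout, column order, rule names and sample rows are constructed assumptions, not real ISA Server output.

```python
import csv
import io
from collections import Counter

# Assumed column order for a simplified tab-separated firewall log export.
FIELDS = ["time", "client", "dest", "transport", "port", "action", "rule", "protocol"]

# Constructed sample rows (hypothetical hosts and rule names).
SAMPLE_ROWS = [
    ("2008-11-04 09:12:01", "10.0.0.21", "198.51.100.7", "UDP", "500", "Allowed", "VPN out", "IKE Client"),
    ("2008-11-04 09:12:02", "10.0.0.21", "198.51.100.7", "TCP", "10000", "Denied", "Default rule", "Unidentified IP Traffic"),
    ("2008-11-04 09:12:05", "10.0.0.21", "198.51.100.7", "TCP", "10000", "Denied", "Default rule", "Unidentified IP Traffic"),
    ("2008-11-04 09:13:40", "10.0.0.34", "198.51.100.7", "TCP", "10000", "Denied", "Default rule", "Unidentified IP Traffic"),
    ("2008-11-04 09:14:10", "10.0.0.34", "203.0.113.9", "TCP", "80", "Denied", "Default rule", "HTTP"),
    ("2008-11-04 09:15:00", "10.0.0.50", "203.0.113.9", "TCP", "8443", "Denied", "Default rule", "Unidentified IP Traffic"),
]
SAMPLE_LOG = "\n".join("\t".join(r) for r in SAMPLE_ROWS) + "\nmalformed line\n"


def parse(text):
    """Yield one dict per well-formed log line; skip lines without a numeric port."""
    reader = csv.DictReader(io.StringIO(text), fieldnames=FIELDS,
                            delimiter="\t", quoting=csv.QUOTE_NONE)
    for row in reader:
        if not row["port"] or not row["port"].isdigit():
            continue
        row["port"] = int(row["port"])
        yield row


def missing_definitions(rows):
    """Count denied connections that matched no protocol definition, per (transport, port)."""
    hits = Counter()
    for r in rows:
        # A denied but *named* protocol (e.g. HTTP) needs a rule change, not a new definition.
        if r["action"] == "Denied" and r["protocol"] == "Unidentified IP Traffic":
            hits[(r["transport"], r["port"])] += 1
    return hits


def report(text):
    """Return candidate protocol definitions, most frequently denied first."""
    hits = missing_definitions(parse(text))
    return [f"{t} outbound port {p}: {n} denied connection(s)"
            for (t, p), n in hits.most_common()]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Each reported port should be confirmed as belonging to the expected application before a protocol definition is created for it, so that unrelated unidentified traffic is not allowed by accident.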
 
LVL 3

Author Comment

by:haldoxp
ID: 22875714
One issue. It is working with "All Users", but when I set another group, the connection stops working. All members of this group cannot connect. Any idea?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22878592
Different question - no offence.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22909206
No problem here; thanks :)
Keith
0
