Solved

IPSec Tunnel Tru. ISA or Microsoft Forefront Threat Management Gateway

Posted on 2009-05-19
3
796 Views
Last Modified: 2013-12-04
I have ISA2006 server installed on my office network and all the pc on the network are  using SNAT. some of the users on the network  have nortel vpn client to connect to corporate head office. Through ISA2006/TMG SNAT nortel vpn client fails to establish a tunnel.
The policy for ISA is set to allow all traffice from inside(internal network) to external and no other restriction is added in the policy.
nortel client version is v04_87
0
Comment
Question by:Manojc3
  • 2
3 Comments
 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
ID: 24487066
It is failing due to NAT-T  (NAT Traversal)

IPSec is not capable of running over NAT.  If the Nortel Client was using PPTP it would be working fine.  To overcome the IPSec's failure of NAT requires NAT Traversal.  

Make sure the Nortel Client is configured to use NAT-T

These links may help:
http://www.isaserver.org/articles/IPSec_Passthrough.html
http://forums.isaserver.org/m_2002012471/tm.htm
0
 

Author Comment

by:Manojc3
ID: 24603930
Yes I downloaded the new notel vpn client 6.0 which has NATT support. It working now. Thank you.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 24604025
Very good.  Glad it worked out for you.
 
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows Defender struggles to check for updates. 9 57
Sweet32 Vulnerability in Microsoft IIS7.5 6 2,374
Need to disable SSL Cipher 7 296
Exchange 2010 Edge subscription question 1 28
Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question