openvpn client through network with ISA Firewall

Hi All
I have a user who is based on a network which has an ISA Firewall. iT seems like the ISA Firewall is blocking this connection. He gets the following error when trying to connect:-

Fri Apr 16 03:19:17 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Apr 16 03:19:17 2010 TLS Error: TLS handshake failed

Any ideas?

Thanks
junzcptAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Encrypted1024Commented:
Just to be clear, he is trying to connect to your VPN using the OpenVPN client from behind his ISA server?
There could be a bunch of things wrong. For starters, ISA is a web proxy and by default will not allow outbound VPN traffic. His Network Administrator can make the user a secure NAT client allow outbound VPN connections for his IP address.
0
junzcptAuthor Commented:
"Just to be clear, he is trying to connect to your VPN using the OpenVPN client from behind his ISA server?"   CORRECT - its ipcops openvpn.

"His Network Administrator can make the user a secure NAT client allow outbound VPN connections for his IP address. "

His Network Admin has asked me to sort this out.i tried opening up port 1194 "incoming" and "outgoing" but no luck. How do I make the user a secure NAT Client?

Thanks
0
Encrypted1024Commented:
What I was saying is that the problem is very likely on the ISA server side. Of course I do not know the configuration at this point, but by default ISA will not allow a VPN connection to your IPCOP proxy from inside its network.
If this is the case (I am just hypothisizing based on ISA default configuration) then the fix would be for the ISA server's Network Admin to allow his client (the open VPN client) to make outbound VPN connections. This is easily done on ISA by changing the client computer from Web Proxy client or Firewall Client, to a secure NAT client. Then allowing outbound VPN traffic from that PC.
It would be the same configuration you would set for Servers so they can make connections to the internet without a user being logged in.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
junzcptAuthor Commented:
will have a look.
0
junzcptAuthor Commented:
Additional resouces used
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.