• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1991
  • Last Modified:

openvpn client through network with ISA Firewall

Hi All
I have a user who is based on a network which has an ISA Firewall. iT seems like the ISA Firewall is blocking this connection. He gets the following error when trying to connect:-

Fri Apr 16 03:19:17 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Apr 16 03:19:17 2010 TLS Error: TLS handshake failed

Any ideas?

Thanks
0
junzcpt
Asked:
junzcpt
  • 3
  • 2
1 Solution
 
Encrypted1024Commented:
Just to be clear, he is trying to connect to your VPN using the OpenVPN client from behind his ISA server?
There could be a bunch of things wrong. For starters, ISA is a web proxy and by default will not allow outbound VPN traffic. His Network Administrator can make the user a secure NAT client allow outbound VPN connections for his IP address.
0
 
junzcptAuthor Commented:
"Just to be clear, he is trying to connect to your VPN using the OpenVPN client from behind his ISA server?"   CORRECT - its ipcops openvpn.

"His Network Administrator can make the user a secure NAT client allow outbound VPN connections for his IP address. "

His Network Admin has asked me to sort this out.i tried opening up port 1194 "incoming" and "outgoing" but no luck. How do I make the user a secure NAT Client?

Thanks
0
 
Encrypted1024Commented:
What I was saying is that the problem is very likely on the ISA server side. Of course I do not know the configuration at this point, but by default ISA will not allow a VPN connection to your IPCOP proxy from inside its network.
If this is the case (I am just hypothisizing based on ISA default configuration) then the fix would be for the ISA server's Network Admin to allow his client (the open VPN client) to make outbound VPN connections. This is easily done on ISA by changing the client computer from Web Proxy client or Firewall Client, to a secure NAT client. Then allowing outbound VPN traffic from that PC.
It would be the same configuration you would set for Servers so they can make connections to the internet without a user being logged in.
0
 
junzcptAuthor Commented:
will have a look.
0
 
junzcptAuthor Commented:
Additional resouces used
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now