Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
453
Views
0
Helpful
2
Replies

Ms Isa server behind pix firewall

brian.roussel
Level 1
Level 1

‎03-31-2003 09:00 AM - edited ‎02-20-2020 10:39 PM

We have a situation here that is confusing us and I am asking for assistance with this one. We have a pix firewall configured with a single outside and two inside interfaces. Behind one of the inside interfaces, we run a Ms Isa server and have several customer client machines behind the Isa server. All clients need to run Nortel's Contivity Vpn client software to connect to their network in this environment.

If we connect the Isa server directly to the outside world, (thus bypassing the pix), the clients can make the vpn connection to their home network and have no issues. If we connect the Isa server behind the pix, (and change an ip adr. on the Isa machine outside nic), the clients are no longer able to raise the vpn connection to their home network and time-out attempting to do so.

Curiously however, the Isa server running the same vpn client software can do the vpn connection without issue.

At this time, we are unsure of where to look for problems, (ie: the clients work if connected to the isa server hanging on the outside world, but fail when the isa machine is behind the firewall, but the Isa machine works when it is wired behind the firewall). We are unsure if this issue is a config one in the pix, isa server, or even both of them.

Any suggestions on where to look and what to look for?

Thanks in advance.

0 Helpful
2 Replies 2

agoodwin
Level 1
Level 1

‎03-31-2003 01:23 PM

No clue but it might be worth checking

1:ISA Client on the desktops

2:Create a any any rule in ISA to see if traffic passes then lock it down.

Do you get anything working client side when the isa server is behind the pix?

0 Helpful

brian.roussel
Level 1
Level 1
In response to agoodwin

‎03-31-2003 01:31 PM

1) Isa client on the desktops appears to make no difference but currently, we are running the clients without the software enabled, but are using a g/w adr. of each client of the internal nic of the Isa server.

2) Good idea - we'll try this one next.

3) Clients behind the isa server behind the pix are able to access internet sites and appear to have no trouble with this. The vpn stuff is what causes the problems for us.

Thanks for your input.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card