Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
564
Views
0
Helpful
2
Replies

VPN Client and ISA Server

leopastor
Level 1
Level 1

‎08-14-2002 06:02 PM - edited ‎02-21-2020 12:00 PM

Need to know how to configure my system to allow workstations to connect to a Cisco VPN Concentrator 3005 in another location. The workstations are getting into Internet through ISA Server. Without ISA Server and when clients connect through ADSL, everything works fine.

Some documentation instructs to open ports on the proxy, but even without packet filtering or any restrictions I still could not make it work.

Thanks.

Leo Pastor

leop@satlink.com

Labels:
0 Helpful
2 Replies 2

albadger
Level 1
Level 1

‎08-14-2002 11:20 PM

Hi Leo,

This won't answer your question directly but it is food for thought....

Is the connection then established between the client and the concentrator or will it be between the ISA server and the concentrator?

As far as I am aware, the ISA server only does transport mode and it is IPSec only. I am not sure about the VPN3000 concentrator, but I believe there is incompatibility between the PIX and ISA server due to the fact that with the PIX, we can change to transport mode in version 6.x but we need to run L2TP over IPSec to utilise this. If it is not L2TP over IPSec, the packets will be disgarded. Hence, PIX to ISA is not possible.

0 Helpful

leopastor
Level 1
Level 1
In response to albadger

‎08-15-2002 03:10 PM

Hi, Alison. Thank you for your reply.

"Is the connection then established between the client and the concentrator or will it be between the ISA server and the concentrator? "

The connection would be established between the ISA server and the concentrator, since ISA server is the "owner" of the connection to Internet. The client would have to pass through ISA server which, as I pointed out before, is allowing (at least is should!) to pass anything during the testing phase.

"As far as I am aware, the ISA server only does transport mode and it is IPSec only. "

In my understanding ISA server supports both IPSec and L2TP in full. I will check this, anyway.

I appreciate very much your reply. As you said, it is food for thought. If it comes that you have more food of this kind, please let me know.

Regards.

Leo Pastor

0 Helpful
Customers Also Viewed These Support Documents