Problems connecting to Cisco VPN from behind MS ISA and a PIX firewall

Discussion in 'Cisco' started by Ned Hart, Jun 6, 2004.

  1. Ned Hart

    Ned Hart Guest

    Hello

    I'm having trouble connecting to a Cisco VPN from behind a
    back-to-back ISA/PIX firewall. I've read all the documentation on ISA
    for doing this and I've enabled NAT-T on my PIX as well as opened
    ports 500, 4500, and 10000 (UDP) on ISA. As a test, I placed the
    workstation with the Cisco VPN client directly behind the PIX
    (bypassing ISA) and I was successful at connecting to the VPN.
    Although it seems as though the problem is with ISA, I found this
    document that seems to confirm that it is possible to do.
    http://support.microsoft.com/default.aspx?scid=kb;en-us;812076
    So I'm wondering if there is something the admin at the VPN endpoint
    needs to do because I am using ISA behind a PIX (NAT-T?). I plan to
    call him on Monday and would appreciate hearing your suggestions or
    ideas.


    Here is my config; I hope I haven't done too bad a job describing it.
    <-LAN-172.16.20.x--><-172.16.20.9-ISA-10.5.1.2->-dmz-<-10.5.1.1-E1-PIX-E0(pub IP) -> ISP Router

    Thanks for your help
    NH
     
    Ned Hart, Jun 6, 2004