ISA 2000 Server - IPSec Passthrough / NAT-T not working

[aleonhardt]

Hi all,

I've a problem with an ISA 2000 Server w/ SP1 installed. I enabled all necessary ports to forward IPSec traffic :

UDP 500 ( IKE )
IP 50 ( ESP )
IP 51 ( AH )
UDP 4500 ( IPSec over UDP )
UDP 10000 ( for CISCO VPN Client )

The network is as follows ...

INET---[NON-NAT-ROUTER]----[NATting-W2k-ISA]----[Internal-NET]

Now, I've to enable a CISCO VPN Client (v4.05 I think) to establish the VPN Connection. The PC in question has (afaik) XP SP2 installed.

It is verified that VPN Clients in "normal" NAT environments are working.

You can also respond to alex.tuxx@gmail.com ..

Thanks,
Alex

 

[nhidalgo]

You don't need to forward the ports, you just need to create the protocols and apply then with an allow rule. Follow this article step by step

http://support.microsoft.com/default.aspx?scid=kb;en-us;812076

Nick

 

[aleonhardt]

Hi there...

Well, I actually did that already ... I added the Protocols and added them to the Protocol Rules - List (allow), even though there was already a rule with allowing everything ..

I also tried then to "allow" the ports separately but that didn't work either so I removed them again.

I also removed the Protocol-Rule for IPSec/Nat-T and just left the "Allow all" but didn't work.

Alex