How the Nortel and Cisco VPN clients (on the internal network) can call through the ISA Server

Question #1036

I’m trying to get my Cisco and Nortel VPN clients working through the ISA Server. They are not using PPTP. I think they’re using IPSec, but I’m not sure. All I know is that the Nortel and Cisco VPN clients on the internal network can’t call out through the ISA Server. What do I need to do?

Answer

These clients add proprietary IPSec implementations to the IP stack. IPSec won’t go through any NAT firewall, including ISA Server. Recent versions of these clients provide a way to encapsulate the IPSec inside UDP. You have to set this up on the VPN server and make a configuration change on the client. Once you do this, all you need to do is open the appropriate UDP ports on the firewall and traffic should pass. In the case of ISA Server, you’d write the appropriate outbound protocol definitions and protocol rules.
