additional help and support with Microsoft Internet Security and Acceleration (ISA) Server, visit the following Microsoft Web site:
#Cisco ipsec vpn client firewall ports how to#
You must remove the ISA Firewall client software.įor information about how to obtain ISA Server 2000 Service Pack 1 (SP1), visit the following Microsoft Web site:
Note This article is designed for SecureNAT clients. Note After you perform the steps to add UDP Port 10000 as a protocol definition, you may also have to add UDP port 20000 to be able to work with some of the newer Cisco VPN Concentrators. The new protocol rule is listed under Available Protocol Rules in the right pane. Under Apply the rule to requests from, click Any request (unless you want to restrict these protocols to certain client address sets), and then click Next.Ĭonfirm the configuration selections, and then click In the Use this schedule list, click the schedule that you want to use when allowing these protocols (for example, click
In the Protocols list, click to select the check boxes that correspond to the three custom protocols that you created earlier, and then click Next. In the Protocol rule name box, type a name for the rule (for example, type Allow Cisco IPSec VPN Client), and then click Next. The new custom protocols are listed in the right pane underĬreate a protocol rule to allow access using the new custom protocols that you created. Repeat the steps above to create the protocol using a value of 10000 in steps 9 and 10. In the Protocol definition name box, type a descriptive name for the definition (for example, type Port 4500 UDP Send Receive), and then click Next. In the left pane, right-click Protocol Definitions, point to New, and then click Under Do you want to use Secondary connections?, click No, and then click Send Receive (do not click Receive Send), and then click Next. In the Protocol definition name box, type a descriptive name for the definition (for example, type Port 500 UDP Send Receive), and then click Next. Right-click Protocol Definitions, point to Microsoft ISA Server, and then click ISA Management. Note You must make sure that your Access Policy permits these three custom protocols.īack to the top Create the Protocol DefinitionsĬreate the new custom protocols to enable the transparent tunneling feature. According to the Cisco Transparent tunneling technology, this traffic can traverse Network Address Translation (NAT) firewalls. Note The client computer must be configured as a SecureNat client.īy creating these protocol definitions, you enable the SecureNat client to connect to the Cisco VPN server through ISA Server as all traffic is passed as UDP traffic. To provide support for this configuration, create the following protocol definitions: However, Cisco Concentrator 3300, with the latest firmware updates, uses "transparent tunneling" that uses User Datagram Protocol (UDP) ports 500, 4500, and 10000 to communicate securely between VPN clients and concentrators. In most cases, IPSec VPN traffic does not pass through ISA Server 2000. This step-by-step article describes how to enable a Cisco Systems virtual private network (VPN) client computer using the IPSec protocol, on the internal network, to connect to an external Cisco VPN Concentrator using the "transparent tunneling" feature through Microsoft Internet Security and Acceleration Server 2000.īack to the top Provide Support for the Cisco VPN Client How to enable a Cisco IPSec VPN client to connect to a Cisco VPN concentrator through ISA Server 2000
0 kommentar(er)
