


Firewall Wizards: Re: Windows VPN/RRAS traffic through watchguard

From: Chuck Swiger <chuck_at_codefab.com>
Date: Wed, 31 Aug 2005 20:02:11 -0400

Danny wrote:
> Now, a VPN "connection" is established from the Internet into the ISA
> server without a problem, however VPN traffic through the tunnel does
> not work most of the time. It's inconsistent but primarily does not
> work.
>
> So, now I try without the Watchguard in the picture, and the tunnel
> carries traffic just fine - as it should.
>
> Has anyone ever experienced such a problem?

Are you using NAT? If so, you'll need to use a UDP-based system, and/or assign
unique TCP port numbers to each distinct connection. Otherwise, you'll
probably be limited to only having one VPN session active at a time.

Are you passing GRE through? I recently had to deal with a similar situation
involving Cisco's VPN hardware and their VPN client, and the following helps:

redirect_proto gre routerIP
redirect_port udp routerIP:500 500
redirect_port udp routerIP:4500 4500
redirect_port udp routerIP:62515 62515
redirect_port tcp routerIP:10000 10000
redirect_port tcp routerIP:pptp pptp

Replace routerIP with your ISA server's IP. YMMV.

-- 
-Chuck
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Aug 31 2005