>>You might consider trying SSH sentinel if you need NAT-T support under MS >>platforms, works well for me. I don't how that would work with ISA server. The current situation is that since MS current implementation of IPSec doesn't support NAT-T (on the server but W2K client supports it), yet they do NAT with their firewall (ISA), MS way to tackle the issue to make IPSec work is to grab any IPSec packets with RRAS so it bypass the firewall all together.
Dom -----Original Message----- From: Mark Weaver [mailto:[EMAIL PROTECTED]] Sent: 19 November 2002 14:30 To: [EMAIL PROTECTED] Subject: RE: IPSec + L2TP VPN to MS firewall (ISA) working ! Fantastic, I look forward to reading it. You might consider trying SSH sentinel if you need NAT-T support under MS platforms, works well for me. Mark > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of Cressatti, Dominique > Sent: 19 November 2002 13:57 > To: [EMAIL PROTECTED] > Subject: IPSec + L2TP VPN to MS firewall (ISA) working ! > > > What am trying to say here is that I managed to successfully > establish a VPN between Linux and MS ISA (MS firewall) > which uses X509 certificates and L2TP. > > Am in the process of writing an HowTo as it is fairly involved > but I'll accept a few questions and provide some help to those > who trying to do it. > > However at this time since it is fairly involved, I can't > begin to explain it all in this list. Therefore I'll ask those > who trying to achieve it, to at least have followed Nat Calrson > Howto and have a "Windows road warrior" working, using > ipsec.exe. > > Limitations: > It cannot be done if there is a NAT (ADSL router for example) > in the path as the IPSec implementation used by MS doesn't support > NAT-T (NAT traversal). > At the moment the Linux box act only as server therefore I have > to establish the VPN from the Windows server. > > > Dom > >
