Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Client Can't Connect to VPN
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Client Can't Connect to VPN - 22.Apr.2004 4:59:00 PM
|
|
|
rberger007
Posts: 41
Joined: 16.Mar.2004
Status: offline
|
I _think_ my server is finally setup correctly, but I can't get the client to VPN in.
Error #1:
The VPN session is established and then immediately closed in ISA2004 monitoring. The WinXP client gives an "Error 651: the modem or other device you are connecting to has reported an error". No firewall active on the client. Nothing in the Event Log though...
Error #2:
I can't ping from the ISA2004 box to an external website which is known to be up and allows pings. I get Destination Host unavailable in the DOS box (but the IP has resolved) and ISA monitoring shows me a DENIED error in the log. Why am I getting DENIED if I've allowed Unrestricted Internet Access as a rule AND edited the System Policy to allow ICMP (Ping) from All Networks, Internal and External?
Environment:
It's a clean Win2003 install with 2 NICs. Public NIC is the static public IP address. Private NIC is static 10.0.0.200 on 10.0.0.x LAN. Joined the domain as member server. Installed ISA2004 with 10.0.0.0-10.0.0.255 as private network. Applied Edge Firewall template with 10.0.0.0-10.0.0.255 as internal network. Set RADIUS server with shared secret, enabled VPN for 10 users, selected the AD group which is allowed to VPN in, I am a member of that AD group, created rule to allow internal servers to talk to each other (created Computer for each IP address), disabled Firewall Client system policy since I'm not using it yet, added http://* and https://* to allowed sites system policy, created access
rule to allow private and public IP address of ISA server to communicate with our external Road Runner DNS servers.
Any ideas?
Thanks,
-Rob
|
|
|
|
RE: Client Can't Connect to VPN - 23.Apr.2004 12:02:00 AM
|
|
|
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Rob,
There are some problems with VPN authentication in Beta 2 and VPN. I had terrible problems with both Windows and RADIUS auth, however this was fixed.
What access rules have you created to allow outbound access?
Thanks!
Tom
|
|
|
|
|
RE: Client Can't Connect to VPN - 23.Apr.2004 9:28:00 PM
|
|
|
rberger007
Posts: 41
Joined: 16.Mar.2004
Status: offline
|
quote:
What access rules have you created to allow outbound access?
They're listed here, in order:
1. "Unrestricted Internet Access": (from Internal/VPN Clients/ISA-Box-By-Private-IP-Address/ISA-Box-By-Public-IP-Address to External
2. "DNS Lookups": From ISA-Box-By-Private-IP-Address and ISA-Box-By-Public-IP-Address to Road Runner DNS Servers by IP address
3. "Servers Talking": From RADIUS server, ISA's Private IP address and File Server to RADIUS server, ISA's Private IP address and File Server (all by IP Address).
4. "VPN to Internal Access": VPN Clients to Internal network
That's it. Is the version available which includes the fixes, or do I have to wait until a demo of the final product becomes available?
Thanks,
Rob
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
![[Frown]](/image/smiles/frown.gif)
