Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Client VPN connection through ISA
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Client VPN connection through ISA - 11.Sep.2002 3:58:00 PM
|
|
|
jgroeneweg
Posts: 12
Joined: 12.Apr.2002
From: Holland
Status: offline
|
Hello all,
Yes me 2 have a problem with making a VPN connection through ISA.
Config:
I have an local network 192.168.2.0. My ISA (sp1) server has ip: 192.168.2.240. My clients behind ISA (local network) are SNAT windows XP pro.
clients -- Isa -- router -- Internet -- VPNserver
When i'm setting up an vpn connection from ISA everything works fine. So it can't be my router.
In ISA i've selected "PPTP through ISA", "enable packet filtering" and "enable IP routing".
Am i forgetting an Route somewhere, i've read a lot of forums but still it won't work from a client.
Please help, my head is killing me! !["[Confused]"](/image/smiles/confused.gif "\"\"")
|
|
|
|
RE: Client VPN connection through ISA - 11.Sep.2002 4:23:00 PM
|
|
|
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Jeroen,
I think the only thing you've left out is that the clients must be SecureNAT clients if you want to use PPTP through the ISA Server.
HTH,
Tom
|
|
|
|
|
RE: Client VPN connection through ISA - 13.Sep.2002 7:26:00 AM
|
|
|
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Jeroen,
Then the only thing left is the possibility that you're using DSL.
HTH<
Tom
|
|
|
|
|
RE: Client VPN connection through ISA - 13.Sep.2002 9:19:00 AM
|
|
|
jgroeneweg
Posts: 12
Joined: 12.Apr.2002
From: Holland
Status: offline
|
Tom,
That's correct. So you're saying that's not possible while using DSL?
Grt. Jeroen
|
|
|
|
|
RE: Client VPN connection through ISA - 15.Sep.2002 5:16:00 PM
|
|
|
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Jeroen,
ISPs have messed up DSL so badly, and there are so many different implementations, that I've given up on trying to figure them out. If there is someone on DSL here who knows the answer, I'd be glad to hear from him.
Thanks!
Tom
|
|
|
|
|
RE: Client VPN connection through ISA - 17.Sep.2002 5:43:00 AM
|
|
|
chevynovas
Posts: 6
Joined: 14.Sep.2002
From: Usa
Status: offline
|
I too have this exact same problem. I use DSL to get to the internet. All of my servers access the internet through my ISA server. They are all SNAT clients. If I take one of my systems and connect it directly to the internet, bypassing my ISA firewall, I can connect to my employer's VPN server no problem using Nortel's Contivity VPN client. When I try to connect to the VPN server through my ISA server, I cannot connect. I have looked through a ton of online documentation, emailed several people, and tried every idea under the sun, including opening up my ISA server wide open, and I am still unable to VPN through the ISA server. If anyone can figure out how to do this please post your answer here, or email me: chevy@post.com and I'll post it here for everyone. Thanks! Dean
|
|
|
|
|
RE: Client VPN connection through ISA - 17.Sep.2002 12:09:00 PM
|
|
|
jgroeneweg
Posts: 12
Joined: 12.Apr.2002
From: Holland
Status: offline
|
Tom,
but i don't understand, because when I try to setup an VPN from my ISA through my DSL connection it works great. So in my oppinion it can't be my DSL connection. Maybe I'm wrong ifso sorry.
Grt jeroen
|
|
|
|
|
RE: Client VPN connection through ISA - 18.Sep.2002 10:03:00 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Jeroen,
I also hate DSL and refuse to install and support ISA in such an environment, especially if the DSL connection uses PPPOE/PPPOA and is terminated on ISA itself. If there is a PPPOE/PPPOA connection involved, I always recommend to terminate that connection in the router or another device external to ISA (i.e. SMC Barricade). In that case, ISA will see 'plain' Ethernet and will be much happily.
HTH,
Stefaan
|
|
|
|
|
RE: Client VPN connection through ISA - 26.Sep.2002 10:25:00 AM
|
|
|
jgroeneweg
Posts: 12
Joined: 12.Apr.2002
From: Holland
Status: offline
|
Hi spouseele,
but again. I can setup a vpn through my router with DSL from my ISA server.
ISA__Router___Internet
But when I try that from my SNAT clients it's not possible.
SNAT__ISA__Router__Internet
So i think it's not the DSL connection, but hust ISA who rejects the connection from my SNAT clients.
Grt Jeroen
|
|
|
|
|
RE: Client VPN connection through ISA - 3.Oct.2002 9:35:00 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Jeroen,
OK, two suggestions for debugging:
1) ONLY for test purposes: enable on ISA the logging of allowed packets in the packet filter log. Try a VPN setup and see what you can find in the packet filter log.
2) run a NetMon trace on the ISA external interface and see if you can find something useful in there.
HTH,
Stefaan
|
|
|
|
|
RE: Client VPN connection through ISA - 3.Oct.2002 10:33:00 PM
|
|
|
rody_daly@hotmail.com
Posts: 4
Joined: 21.Aug.2002
From: Sweden
Status: offline
|
I had the same problem and I am behind my "home ISA server" on a DSL connection.
I went through the "configure a local virtual private network" wizard to see if I could manage to get a server-server vpn up. That wizard created the neccesary ip packet filters to let my local client through.
myPC-ISA-DSLrouter-W2KVPNServeratwork-workLAN.
As you understand I have no idea why this works as I would expect that wizard only to open from the ISA server itself.
Regs:Ronny
|
|
|
|
|
RE: Client VPN connection through ISA - 3.Oct.2002 11:37:00 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hey guys,
maybe Rony has given us indirectly an explanation and answer! ![[Cool]](/image/smiles/cool.gif)
Here is my theory...
If the DSL connection is terminated on the ISA server then a PPPOE client is running on ISA. This means that the ISA server has an external Ethernet interface with an IP address which has as only task to 'transport' the PPPOE stuff. So, the real useful interface to carry the data is the PPPOE Dialup interface and *not* the Ethernet interface.
Now, when you enable PPTP passthrough, the SecureNAT PPTP packet filter is activated. If you look now into the default SecureNAT PPTP packet filter properties, tab Local Computer, it applies to the Default IP address on the external interface. As I understand it, this is *not* the PPPOE Dialup adapter. So, there is properly no packet filter allowing the PPTP through.
If the above theory is correct, then you must see blocked PPTP packets in the packet filter log! If that is the case, you will probably have to play with the applies to in the Local Computer tab of the SecureNAT PPTP packet filter.
HTH,
Stefaan
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
![[Roll Eyes]](/image/smiles/rolleyes.gif)
![[Big Grin]](/image/smiles/biggrin.gif)
RE: Client VPN connection through ISA - ![[Frown]](/image/smiles/frown.gif)
![[Razz]](/image/smiles/tongue.gif)
