I'm trying to configure our ISA Server to allow outgoing PPTP tunnels but I can't seem to get it to work. The VPN client keeps spitting back error 619. The ISA Server is a VPN terminator for incoming connections and that side of things works great. Any thoughts? I've looked through every dialog I could find, but so far no magic "allow PPTP pass through" setting has been found.
I should point out that the obvious setting up of an Allow policy for outgoing PPTP across the appropriate networks has been done. Also, we do not run the firewall client at all, these are all anonymous NAT users.
The ISA Server has two NIC's. One is internal, one is external. The external NIC has our 5 external static internet routeable IP's and is connected directly into a Netopia DSL modem/bridge/gateway. VPN does work through this device and if I unplug the ISA server and plug back in our old gateway (Linux based system) it works fine. I'm sure I'm just missing some configuration somewhere in the ISA machine. Like I said earlier it does work for terminating incoming PPTP VPN's just great, I just can't get an outgoing one to make it through.
I guess my issue is that I don't know what the correct network rules and address rules are for routing PPTP in ISA. In fact I even have an "everything outbound" policy that allows any protocol from any internal network to go to any other network. This seems to work for every other protocol. I assumed this would cover it, but I must be missing something. Is there a guide somewhere (that's relevant to 2006) or a sample configuration I can look at?
Site to Site VPN's don't appear to be working either. So it's basically all outgoing VPN's. Is there an issue or some considerations that need to be done to accept incoming VPN's and allow PPTP Passthrough on the same ISA Server?