Welcome to ISAserver.org


PPTP VPN connection from behind ISA 2006 to outside world

PPTP VPN connection from behind ISA 2006 to outside world - 17.Aug.2008 7:57:47 PM   
simem

 

Posts: 5
Joined: 10.Jun.2008
Status: offline
I'm hoping someone can help me with this because I have been tearing my hair out for days! I am trying to connect to one of our clients (to provide software support) by creating a PPTP VPN connection to their network. When I try to connect from a client machine within our internal network, it establishes the connection, begins to verify the username and password, and then drops out with an Error 619. The logs on the ISA server show a successful Initiated connection followed immediately by a closed connection with error code 0x80074e24 FWX_E_CONNECTION_KILLED.

I know the credentials etc. being used are correct as I can connect to this client from another site (which is not behind ISA) or from home with no problems. I can also connect to many of our other client sites using PPTP without any issues so I'm stumped as to why there is a problem with this one.

We are running the server in a standard 3-leg perimeter configuration on Windows Server 2003 R2 SP2. Our internal client machines are all Windows XP SP3. Any help on this would be greatly appreciated. Thanks
Post #: 1
RE: PPTP VPN connection from behind ISA 2006 to outside... - 18.Aug.2008 9:14:32 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Is the firewall client installed on the client machine? If so, you need to disable it before establishing the PPTP VPN connection.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to simem)
Post #: 2
RE: PPTP VPN connection from behind ISA 2006 to outside... - 18.Aug.2008 7:04:32 PM   
simem

 

Posts: 5
Joined: 10.Jun.2008
Status: offline
Hi Tom,

Thanks for the response but no, the firewall client isn't installed on the client machine. Windows firewall is on but disabling that doesn't seem to make any difference. Thanks.

(in reply to tshinder)
Post #: 3
RE: PPTP VPN connection from behind ISA 2006 to outside... - 18.Aug.2008 7:38:00 PM   
elmajdal

 

Posts: 5074
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi,

What is the client type? Make sure to set it as a SecureNAT client.

Also, on the ISA Server, make sure to create an outbound rule with the required protocols with the condition ALL Users.

Also apply this update on your server: http://support.microsoft.com/kb/936594

HTH,
Tarek

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to simem)
Post #: 4
RE: PPTP VPN connection from behind ISA 2006 to outside... - 18.Aug.2008 8:13:41 PM   
simem

 

Posts: 5
Joined: 10.Jun.2008
Status: offline
Hi Tarek,

The client/s are configured as SecureNAT and I have created an outbound access rule allowing all users access to all protocols to the IP address we are trying to connect to (I know this isn't very secure but once I get the problem sorted I will scale it back to just the required protocols).

That update appears to only apply to ISA 2004, we are running ISA 2006. I am able to connect to many other client sites via PPTP without any issues which I know points to a problem at the other end. However, I can connect fine from another network that is not behind ISA. At this point I am leaning towards a hardware issue - our ADSL modem is also a router. While we don't use it as one, I'm wondering if that might be causing the issue (although why it's not happening for other sites has got me stumped!). I think I'll try replacing it with a lower end modem and see if the problem goes away.

In case that doesn't work though, any other suggestion would be great! Thanks.

(in reply to elmajdal)
Post #: 5
RE: PPTP VPN connection from behind ISA 2006 to outside... - 19.Aug.2008 8:31:09 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
That could be the problem. If you're using a cheap Cisco NAT device in front of the ISA firewall, there could be a problem with the NAT editor for PPTP on that device. If you can remove it, you'll get the best NAT editor for PPTP there is, which is the one included with the ISA firewall.

HTH,
Tom

(in reply to simem)
Post #: 6
