Welcome to ISAserver.org

SOLVED - Error 651 or error 800 with VPN Client

SOLVED - Error 651 or error 800 with VPN Client - 27.Mar.2007 10:56:29 AM   
alphonse

 

Posts: 2
Joined: 26.Mar.2007
Status: offline
Hi all,
I'm currently meeting a strange problem with my ISA 2006.
When DMZ computers try to connect to our LAN via PPTP, they receive error 651.

The very strange thing is what's appearing in the log: I can see that the connection from the client to port 1723 of the ISA NIC is Closed, but the System Policy "Allow VPN traffic" is matched...

Here is the network schema:
<Internet>---<Cisco>---<DMZ - 10.0.0.0/24>---<ISA>---<LAN - 172.31.32.0/24>

So, I have modified the Access Network to allow VPN connections from the LAN: any PPTP connection attempts from the LAN work perfectly...

I have no more ideas...

Thanks in advance for your help and comments.

Al

< Message edited by alphonse -- 28.Mar.2007 11:02:54 AM >
Post #: 1
RE: SOLVED - Error 651 with VPN Client - 28.Mar.2007 10:58:53 AM   
alphonse

 

Posts: 2
Joined: 26.Mar.2007
Status: offline
Hi all !!!

The problem is coming from the RSS (Receive Side Scaling) feature in the Win2003 SP2.

Here is what's happening in my connection attempts:
You cannot host Transmission Control Protocol (TCP) connections when Receive Side Scaling is enabled in Microsoft Windows Server 2003 with Service Pack 2 (SP2). The TCP connections are reset. This problem occurs if you use Network Address Translation (NAT) and if the host computer is configured to be an Internet Connection Sharing host server computer.

So I had to disable this feature to allow incoming PPTP sessions.
To disable it, go into the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
and set the key "EnableRSS" to 0.

Al

(in reply to alphonse)
Post #: 2
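
An added example (not part of the post above and not Microsoft tooling): a PowerShell check of the "EnableRSS" value under the key named in post #2, which also reports when the value is absent or was created with the wrong type. It assumes PowerShell is installed on the server, that the value is expected to be a DWORD, and that a restart is needed afterwards; the function names are hypothetical.

```powershell
# Added example: audit and, on request, set the EnableRSS value from post #2.
$TcpipParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Get-RssRegistryState {
    param([string]$Path = $TcpipParams)

    $key = Get-Item -Path $Path -ErrorAction Stop

    # No value present: the OS default applies, whatever that is on this build.
    if ($key.GetValueNames() -notcontains 'EnableRSS') { return 'Missing' }

    # Assumption: the value must be a DWORD. A string "0" typed into regedit
    # looks right in the UI but is reported separately here.
    if ($key.GetValueKind('EnableRSS') -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        return 'WrongType'
    }

    if ($key.GetValue('EnableRSS') -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Disable-Rss {
    param([string]$Path = $TcpipParams)

    $before = Get-RssRegistryState -Path $Path
    if ($before -eq 'Disabled') { return 'EnableRSS is already 0; no change made.' }

    # -Force overwrites an existing value, so Missing, WrongType and Enabled
    # are all handled by the same call.
    New-ItemProperty -Path $Path -Name 'EnableRSS' -PropertyType DWord -Value 0 -Force | Out-Null

    # Assumption: the setting is read at startup, so a restart is still required.
    return "EnableRSS was '$before', now set to 0. Restart the server before retesting PPTP."
}

# Read-only check first; call Disable-Rss from an elevated session to change it.
Get-RssRegistryState
```

Run the read-only check again after the restart to confirm the value persisted before retesting the PPTP connection.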
RE: SOLVED - Error 651 with VPN Client - 1.Aug.2007 1:48:06 PM   
mohsindabomb

 

Posts: 173
Joined: 27.Jun.2003
From: London, UK.
Status: offline
Hi,
 
I have the exact same problem on my ISA 2004 box. PPTP VPN clients cannot connect.
 
It is definitely an RSS issue as you said, as my SNAT clients cannot access HTTP, which is a known issue on ISA boxes with this RSS issue.
 
http://forums.isaserver.org/SNAT_client_won't_access_HTTP/m_2002045367/tm.htm
 
I've changed the registry entry to disable RSS and restarted the system.
 
Still the PPTP VPN isn't working and neither is HTTP access for SNAT clients.
 
It appears changing the registry entry to 0 has not disabled RSS as I see no changes.
 
Could anybody help? Thanks.

< Message edited by mohsindabomb -- 1.Aug.2007 1:59:44 PM >

(in reply to alphonse)
Post #: 3
RE: SOLVED - Error 651 with VPN Client - 1.Aug.2007 2:43:47 PM   
carolchi

 

Posts: 13
Joined: 6.Jun.2004
From: Switzerland
Status: offline
I have the same problem with a new ISA server.
I disabled RSS and the OWA publishing and web publishing work, but I can't get the PPTP VPN to work at all.
It is a similar config: VPN client - Sonicwall - ISA in DMZ - LAN

The client is logging IPSec failures, as is the Sonicwall, which is trying to negotiate IKE with the VPN client. I wonder if the ISA server cannot do IKE so the Sonicwall then tries and fails.

If I take the ISA server out of the loop and do:
VPN Client - Sonicwall - RRAS server in LAN
Then everything works fine.




(in reply to mohsindabomb)
Post #: 4
RE: SOLVED - Error 651 with VPN Client - 2.Aug.2007 10:20:05 AM   
mohsindabomb

 

Posts: 173
Joined: 27.Jun.2003
From: London, UK.
Status: offline
Hi Carolchi,
 
Have a look at the below. It may help you.
 
http://blogs.technet.com/sbs/archive/2007/03/19/vpn-securenat-nat-and-outlook-clients-not-working-after-installing-windows-service-pack-2-in-sbs-2003-premium.aspx
 
I've downloaded the latest drivers for my NICs and will install them this evening and see what happens. Good luck to me.
 
Any ideas, others?
 
Thanks.

(in reply to carolchi)
Post #: 5
RE: SOLVED - Error 651 with VPN Client - 8.Aug.2007 5:27:07 AM   
mohsindabomb

 

Posts: 173
Joined: 27.Jun.2003
From: London, UK.
Status: offline
See my last post on the topic below. That may help.
 
http://forums.isaserver.org/m_2002045367/mpage_1/key_/tm.htm#2002050549
 
Mo.

(in reply to mohsindabomb)
Post #: 6
