Welcome to ISAserver.org

Set up VPN

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2000 General] >> Installation >> Set up VPN

Page: [1]

Message

<< Older Topic Newer Topic >>

Set up VPN - 9.Feb.2001 11:10:00 AM

clynn

Posts: 101
Joined: 8.Feb.2001
From: Farmington Hills, MI
Status: offline

Got ISA up and running.
Web Proxy client is doing fine.

Now I would like to try a VPN

We have a branch office at a different location running ISA. The MS white papers didn't give me what I needed to start. Looking for some best practices for my configuration.

Post #: 1

Featured Links*

RE: Set up VPN - 9.Feb.2001 1:50:00 PM

clynn

Posts: 101
Joined: 8.Feb.2001
From: Farmington Hills, MI
Status: offline

OK I go through the Local VPN wizard,everything goes fine except the final step. When it tries to make the vpc file, I get this error:

The wizard cannot create the VPN connection. An Action to allow dial-in permissions failed.

Whats up with that?

(in reply to clynn)

Post #: 2

RE: Set up VPN - 9.Feb.2001 2:00:00 PM

clynn

Posts: 101
Joined: 8.Feb.2001
From: Farmington Hills, MI
Status: offline

One other thing. Should the domains at both locations be the same. Will Active directory replicate through the ISA VPN?

(in reply to clynn)

Post #: 3

RE: Set up VPN - 11.Feb.2001 1:22:00 PM

tshinder

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline

Did you run the remote VPN wizard on the remote computer? After creating the .vpc file, you have to use the remote vpn wizard and the .vpc file to create the connection.

Not sure why the local vpn wizard is failing. I've run it many, too many times, and haven't had a similar error. Make sure your IP address ranges are correct on the local and remote networks. Also, make sure they are different, because if they are using the same IP address range on the remote network, you are going to have some "issues".

I'll keep my eyes peeled for similar problems.

Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/

(in reply to clynn)

Post #: 4

RE: Set up VPN - 13.Feb.2001 11:06:00 AM

clynn

Posts: 101
Joined: 8.Feb.2001
From: Farmington Hills, MI
Status: offline

I'll give you play by play:

In Network Configuration, I start Configure a local VPN.
VPN ID's: A=local & B=remote
Use L2TP over IPsec
Allow only remote to initiate conversation.
Add domain range of remote network: 192.168.1.1 - 192.168.1.255
Ip of local ISA set to ISA's external IP
Local Network 10.10.30.1 - 10.10.30.255
Filename: ab.vpc
Password = password
Click finish and.......

The wizard cannot create VPN connection.
An action to allow dial-in permissions failed.

---------------------------------------------

Is there some pemission that have to be in place for VPN to work?

Here is my hardware config:
T1 line into cisco 1750 router.
Cisco 1750 router into hub.
One port on the hub goes to my test LAN, the other for production.
ISA server plugged directly into this hub.
Have a client connected via crossover cable to ISA server's internal NIC.

Client acting as web proxy client successfully.
Default config on ISA server.

(in reply to clynn)

Post #: 5

RE: Set up VPN - 14.Feb.2001 12:42:00 AM

tshinder

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Clynn,

It sounds like a permissions problem on the machine that you're doing the configuration on. You do not need any connectivity with the remote server to just create the file.

What happens if you manually create the configuration that the wizard would do automatically? Copy the info file that the wizard gives you before you finish creating the .vpc file, and then manually try to create the same configuration in RRAS. Also be sure to create the dial-in account as well.

That might help in determining where the problem lies.

HTH,
Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/

(in reply to clynn)

Post #: 6