Welcome to ISAserver.org


Site to site IPSEC VPN Issue

Site to site IPSEC VPN Issue - 13.Aug.2007 8:18:38 AM   
auchanaka1980

 

Posts: 100
Joined: 16.Jan.2007
Status: offline
Hi,
I have ISA Server 2006 Standard Edition and my remote site has a FortiGate hardware firewall. I created the remote VPN connection on my ISA server. After that, my client tries to run the software. It checks the license server at my remote site. I can telnet to or ping that server, but when my client opens the software it says the license server is missing.

When I check the ISA log for that user, it gives these logs:

192.168.187.218 | TCP | 0x0 ERROR_SUCCESS | 192.168.112.10 | 5353 | 5353 | Initiated Connection | ELK to FTC | 192.168.187.218 | - | -
192.168.187.218 | UDP | 0xc004000d FWX_E_POLICY_RULES_DENIED | 192.168.187.255 | 137 | NetBios Name Service | Denied Connection | Default rule | 192.168.187.218 | - | -
192.168.187.218 | UDP | 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED | 192.168.187.255 | 137 | NetBios Name Service | Denied Connection | | 192.168.187.218 | - | -
192.168.187.218 | TCP | 0x80074e20 FWX_E_GRACEFUL_SHUTDOWN | 192.168.112.10 | 5353 | 5353 | Closed Connection | ELK to FTC | 192.168.187.218 | - | -
192.168.187.218 | UDP | 0xc004000d FWX_E_POLICY_RULES_DENIED | 192.168.187.255 | 137 | NetBios Name Service | Denied Connection | Default rule | 192.168.187.218 | - | -
192.168.187.218 | UDP | 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED | 192.168.187.255 | 137 | NetBios Name Service | Denied Connection | | 192.168.187.218 | - | -
192.168.187.218 | UDP | 0xc004000d FWX_E_POLICY_RULES_DENIED | 192.168.187.255 | 144145 | NetBios Name Service | Denied Connection | Default rule | 192.168.187.218 | - | -
192.168.187.218 | UDP | 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED | 192.168.187.255 | 166167 | NetBios Name Service | Denied Connection | | 192.168.187.218 | - | -
192.168.187.218 | TCP | 0x0 ERROR_SUCCESS | 192.168.112.10 | 1048 | Unidentified IP Traffic | Initiated Connection | ELK to FTC | 192.168.187.218 | - | -
192.168.187.218 | TCP | 0x0 ERROR_SUCCESS | 192.168.112.10 | 1048 | Unidentified IP Traffic | Initiated Connection | ELK to FTC | 192.168.187.218 | - | -
192.168.187.218 | TCP | 0x0 ERROR_SUCCESS | 192.168.112.10 | 5353 | 5353 | Initiated Connection | ELK to FTC | 192.168.187.218 | - | -
192.168.187.218 | UDP | 0xc004000d FWX_E_POLICY_RULES_DENIED | 192.168.187.255 | 260261 | NetBios Name Service | Denied Connection | Default rule | 192.168.187.218 | - | -
192.168.187.218 | UDP | 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED | 192.168.187.255 | 282283 | NetBios Name Service | Denied Connection | | 192.168.187.218 | - | -
192.168.187.218 | TCP | 0x80074e20 FWX_E_GRACEFUL_SHUTDOWN | 192.168.112.10 | 5353 | 5353 | Closed Connection | ELK to FTC | 192.168.187.218 | - | -
192.168.187.218 | UDP | 0xc004000d FWX_E_POLICY_RULES_DENIED | 192.168.187.255 | 328329 | NetBios Name Service | Denied Connection | Default rule | 192.168.187.218 | - | -
192.168.187.218 | UDP | 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED | 192.168.187.255 | 350351 | NetBios Name Service | Denied Connection | | 192.168.187.218 | - | -
192.168.187.218 | UDP | 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED | 192.168.187.255 | 372373 | NetBios Name Service | Denied Connection | | 192.168.187.218 | - | -
192.168.187.218 | UDP | 0xc004000d FWX_E_POLICY_RULES_DENIED | 192.168.187.255 | 394395 | NetBios Name Service | Denied Connection | Default rule | 192.168.187.218 | - | -
192.168.187.218 | TCP | 0x0 ERROR_SUCCESS | 192.168.112.10 | 1048 | Unidentified IP Traffic | Initiated Connection | ELK to FTC | 192.168.187.218 | - | -
192.168.187.218 | TCP | 0xc0040038 FWX_E_TCP_NO_SERVER_REPLY | 192.168.112.10 | 1048 | Unidentified IP Traffic | Closed Connection | ELK to FTC | 192.168.187.218 | - | -
192.168.187.218 | TCP | 0x0 ERROR_SUCCESS | 192.168.112.10 | 1048 | Unidentified IP Traffic | Initiated Connection | ELK to FTC | 192.168.187.218 | - | -
192.168.187.218 | TCP | 0xc0040038 FWX_E_TCP_NO_SERVER_REPLY | 192.168.112.10 | 1048 | Unidentified IP Traffic | Closed Connection | ELK to FTC | 192.168.187.218 | - | -




This worked with ISA Server 2004. Now it's not working with ISA Server 2006.


Why is that?
I want to know which default system policies have to be enabled and disabled for the site-to-site VPN link.

I need your help.
aucsna


< Message edited by auchanaka1980 -- 14.Aug.2007 4:08:54 AM >
Post #: 1
RE: Site to site IPSEC VPN Issue - 14.Aug.2007 12:52:39 PM   
p057080n

 

Posts: 26
Joined: 7.Jun.2007
Status: offline
It looks like it's denying the protocol/port being used for that software. Might want to allow it in your firewall settings...?

(in reply to auchanaka1980)
Post #: 2
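
One way to triage the log from the first post is to group its records by flow and outcome. This is an added example, not part of the thread: the sample records are copied from that log, while the one-line `|` layout, the column names and the verdict labels are assumptions made for this example.

```python
"""Summarise ISA firewall log records by flow and outcome (added example)."""
from collections import defaultdict

# Records copied from the log in the first post, one per line. The field
# order and the column names below are assumptions made for this example.
FIELDS = ("client", "transport", "result", "dest", "port",
          "protocol", "action", "rule")
SAMPLE = """\
192.168.187.218|TCP|0x0 ERROR_SUCCESS|192.168.112.10|5353|5353|Initiated Connection|ELK to FTC
192.168.187.218|UDP|0xc004000d FWX_E_POLICY_RULES_DENIED|192.168.187.255|137|NetBios Name Service|Denied Connection|Default rule
192.168.187.218|UDP|0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED|192.168.187.255|137|NetBios Name Service|Denied Connection|
192.168.187.218|TCP|0x80074e20 FWX_E_GRACEFUL_SHUTDOWN|192.168.112.10|5353|5353|Closed Connection|ELK to FTC
192.168.187.218|TCP|0x0 ERROR_SUCCESS|192.168.112.10|1048|Unidentified IP Traffic|Initiated Connection|ELK to FTC
192.168.187.218|TCP|0xc0040038 FWX_E_TCP_NO_SERVER_REPLY|192.168.112.10|1048|Unidentified IP Traffic|Closed Connection|ELK to FTC
"""

def parse(text):
    """Yield one dict per well-formed record; skip blank or short lines."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        # "0xc004000d FWX_E_..." -> keep only the symbolic result name
        rec["result"] = rec["result"].partition(" ")[2]
        yield rec

def classify(results):
    """Label a flow from the set of result names logged for it."""
    if any("DENIED" in r or "DROPPED" in r for r in results):
        return "blocked by firewall"
    if "FWX_E_TCP_NO_SERVER_REPLY" in results:
        return "allowed, no reply from server"
    if "ERROR_SUCCESS" in results:
        return "allowed"
    return "unknown"

def summarise(text):
    """Map (transport, destination, port) to a verdict for that flow."""
    flows = defaultdict(set)
    for rec in parse(text):
        flows[(rec["transport"], rec["dest"], rec["port"])].add(rec["result"])
    return {flow: classify(results) for flow, results in flows.items()}

if __name__ == "__main__":
    for (transport, dest, port), verdict in summarise(SAMPLE).items():
        print(f"{transport} {dest}:{port:<5} {verdict}")
```

Grouping this way separates flows the firewall itself refused from flows it passed that then closed without a server reply, which point at different places to look.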
RE: Site to site IPSEC VPN Issue - 15.Aug.2007 4:06:16 AM   
auchanaka1980

 

Posts: 100
Joined: 16.Jan.2007
Status: offline
Thanks for your reply. I have opened all the ports from my side to the remote VPN network.

It's like this:

allow --all outbound-- internal -- remote site--all users
allow---all------------remote site--internal ---all


(in reply to p057080n)
Post #: 3
RE: Site to site IPSEC VPN Issue - 15.Aug.2007 10:25:32 AM   
p057080n

 

Posts: 26
Joined: 7.Jun.2007
Status: offline
Instead of having separate rules, try bunching it up together into one.

Set the rule as order #1 so that no other rules are denying it first, and then just name it something like "Allow access between remote and home site" and then under action, allow, protocols: all outbound, and From/Listener set as internal and remote, To: Internal and remote.

I had a weird problem before where the rules would actually negate each other if I set up more than one, it wouldn't hurt to try, although I'd probably wait for a more definitive answer from someone like one of the moderators.

(in reply to auchanaka1980)
Post #: 4
