Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

VPN Access Groups

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> VPN >> VPN Access Groups Page: [1]
Login
Message << Older Topic   Newer Topic >>
VPN Access Groups - 16.Jan.2008 10:06:01 PM   
zebo51

 

Posts: 22
Joined: 27.Aug.2007
Status: offline 		I am trying to setup VPN Client Access and in the VPN Client Properties - Groups tab I can't add any users or groups.  After clicking Add, I can click Location and see my domain and all OUs under it, but any group or user I try and enter wont work.  My ISA2006 server is a member of my domain too.

Any suggestions on what I need to check or might be missing?

Thanks
Post #: 1
RE: VPN Access Groups - 17.Jan.2008 2:39:45 AM   
elmajdal

 

Posts: 5061
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline 		What do u mean by :
quote:

but any group or user I try and enter wont work




_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to zebo51)
Post #: 2
RE: VPN Access Groups - 17.Jan.2008 6:49:42 AM   
zebo51

 

Posts: 22
Joined: 27.Aug.2007
Status: offline 		If I type in a name or group and then click check name it doesn't find it.

(in reply to elmajdal)
Post #: 3
RE: VPN Access Groups - 17.Jan.2008 8:29:17 AM   
ITEngineer

 

Posts: 256
Joined: 3.Feb.2006
Status: offline 		Have you installed the Supportability Update for ISA Server 2006 ?

How did you setup the Network Cards on ISA ?

(in reply to zebo51)
Post #: 4
RE: VPN Access Groups - 17.Jan.2008 10:15:01 AM   
zebo51

 

Posts: 22
Joined: 27.Aug.2007
Status: offline
quote:

ORIGINAL: ITEngineer

Have you installed the Supportability Update for ISA Server 2006 ?

How did you setup the Network Cards on ISA ?


Yes, I have installed that update.

I have two NICs, one internal and one external.  I am not doing anything special, just hosting a few websites and publishing an exchange server. 

I can log into the ISA 2006 box using a domain account, so I would think this should work.

(in reply to ITEngineer)
Post #: 5
RE: VPN Access Groups - 20.Jan.2008 3:18:29 PM   
zebo51

 

Posts: 22
Joined: 27.Aug.2007
Status: offline 		Still need help, anyone?

ISA is setup as a Edge Firewall and no DMZ, just internal and external.  I have followed the documents are setting up the internal and external NICs.  As stated publishing exchange SMTP, OWA and various websites along with FTP all work fine.

Watching the monitoring log shows no denies when I make attempts to add a user from AD.

Thanks

(in reply to zebo51)
Post #: 6
RE: VPN Access Groups - 21.Jan.2008 10:01:11 AM   
zebo51

 

Posts: 22
Joined: 27.Aug.2007
Status: offline 		For those that might ever run into this, here is what I have concluded.

1.  You can't add individual accounts, has to be a group.
2.  The group has to be setup as a Global Security Group.

The above is based on AD, local domain accounts or groups may differ.

(in reply to zebo51)
Post #: 7
RE: VPN Access Groups - 22.Jan.2008 4:08:13 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline 		Hi zebo,
You can use only domain Global Groups on that tab.
Regards!

(in reply to zebo51)
Post #: 8
RE: VPN Access Groups - 22.Jan.2008 5:48:27 AM   
elmajdal

 

Posts: 5061
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

ORIGINAL: zebo51

For those that might ever run into this, here is what I have concluded.

1.  You can't add individual accounts, has to be a group.
2.  The group has to be setup as a Global Security Group.

The above is based on AD, local domain accounts or groups may differ.


Hi,

u will need first to create a User in ISA Server , this will only be a container that will hold the AD user or Group.

So create a new user in ISA, then broswe your AD, select the USer/group and then add it to the created user in ISA Server.

For example u create a new user in ISA called  Allowed Internet Users
 
then inside this user, you added HR Department Grp and Finanice Department Grp from you AD.

got the picture now ?

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to zebo51)
Post #: 9
RE: VPN Access Groups - 22.Jan.2008 8:44:25 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline
quote:

VPN Client Access and in the VPN Client Properties - Groups tab

Just to clarify my previous post.
I was under the impression that you are referring to the Groups Tab from the VPN Clients Properties from the Configure VPN Client Access link, thus you want to control which users/groups are allowed to dial-in.
If that's the case my post is still standing.
If you are referring to what Tarek is talking about just ignore my post.
Regards!

(in reply to elmajdal)
Post #: 10

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> VPN >> VPN Access Groups Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts