Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

VPN Implementation in ISA2004

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> VPN >> VPN Implementation in ISA2004 Page: [1]
Login
Message << Older Topic   Newer Topic >>
VPN Implementation in ISA2004 - 3.Mar.2004 6:46:00 PM   
Torsten

 

Posts: 3
Joined: 3.Mar.2004
From: Hamburg, Germany
Status: offline 		Hi Folks,

I quite don't get through the (mobile user-) VPN implementation in the ISA-Beta. Are incoming connections still forwarded to RRAS or (what it seems to me) does ISA now have its own VPN back end?

And, if so, how does it have to be configured? The only way I got an incoming connection working was forwarding it to the RRAS-Ports..

Thanks,
Torsten
Post #: 1
RE: VPN Implementation in ISA2004 - 4.Mar.2004 12:03:00 PM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Torsten,

ISA 2004 VPN works together with the Windows RRAS, so RRAS isn't the stand alone component it was with ISA 2000. You configure the VPN Server in the ISA 2004 managment console.

HTH,
Tom

(in reply to Torsten)
Post #: 2
RE: VPN Implementation in ISA2004 - 4.Mar.2004 2:21:00 PM   
Torsten

 

Posts: 3
Joined: 3.Mar.2004
From: Hamburg, Germany
Status: offline 		Thanks Tom, I see.

I've already tried around a bit, now I've come to a point where i can establish a connection via PPTP using ISA and RRAS, but only using an IP from a predefined pool, not using DHCP. I created Access Rules enabling DHCP traffic, but didn't get it working so far.

Do you know if ISA blocks DHCP traffic by default? RRAS always comes up saying it is unable to connect to the DHCP (although it is configured correctly, i think), which is on the same machine.

I'm also having problems with the optional SMTP-Filter add-in. It is also filtering the internal(!) traffic of my Exchange 2003... But that's another point. [Roll Eyes]

Thanks so far, Greetings
Torsten

(in reply to Torsten)
Post #: 3
RE: VPN Implementation in ISA2004 - 5.Mar.2004 1:47:00 AM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Torsten,

I've had no problem using a DHCP server on the internal network and having the ISA firewall grab IP addresses from it. IIRC, there is a System Policy Rule that allows this communication.

Is the SMTP Message Screener installed on the Exchange Server?

Thanks!
Tom

(in reply to Torsten)
Post #: 4
RE: VPN Implementation in ISA2004 - 5.Mar.2004 2:08:00 AM   
Torsten

 

Posts: 3
Joined: 3.Mar.2004
From: Hamburg, Germany
Status: offline 		Hi Tom,

yes, DHCP packet filters are configured and enabled, the packets are also mentioned in the real time log as "connection established". And: DHCP is correctly working for real clients connected to the internal interface of the server. It's just the communication between DHCP and RRAS which isn't working properly.

I think the next thing I'll try will be reinstallation of software (RRAS, maybe ISA too). Just reconfiguration of RRAS didn't work either [Frown]

Yes, I've tried to install SMTP Message Screener with Exchange 03, but it seemed to filter just everything... Is there a kind of "hidden" configuration page for changing filter restrictions?

Otherwise these problems could also be "Beta"-Stuff and they're solved in RC1 or Final... Let's see [Razz]

But first I'll try repairing RRAS...

Many Greetings and Thanks,
Torsten

(in reply to Torsten)
Post #: 5
RE: VPN Implementation in ISA2004 - 5.Mar.2004 12:42:00 PM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Torsten,

Install the SMTP filter on the ISA firewall instead of the Exchange Server. I think you'll be very happy with it. Check out:

http://www.msfirewall.org/isa2004/2004filteringrelay/2004filteringrelay.htm

As for the DHCP issue, not sure what the problem is. You might try stopping and starting the RRAS server on the ISA machine and see if that works.

HTH,
Tom

(in reply to Torsten)
Post #: 6
RE: VPN Implementation in ISA2004 - 7.Mar.2004 10:44:00 PM   
Raul E Jimenez

 

Posts: 78
Joined: 21.Oct.2002
From: USA
Status: offline 		Hi Torsten,

Can you take a look to your RRAS server configuration?

You can configure the RRAS to connect to a DHCP server using "Allow RRAS to select the adapter", External NIC Card, or Internal.

Try forcing RRAS to use the Internal NIC Cards, then you should have number of leases on your internal DHCP server as many connections for VPN you allow in your Policies or RRAS.

Hope help

RJ

(in reply to Torsten)
Post #: 7
RE: VPN Implementation in ISA2004 - 8.Mar.2004 12:01:00 PM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Raul,

Good observation! Yes, you need to make sure the correct adapter is configured so that it will obtain the addresses from the DHCP server.

Thanks!
Tom

(in reply to Torsten)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> VPN >> VPN Implementation in ISA2004 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts