Welcome to ISAserver.org
VPN and Thomson SpeedTouch 510
VPN and Thomson SpeedTouch 510 - 3.Aug.2005 2:57:00 AM
adnan&ISA
Posts: 53
Joined: 8.Jan.2004
Status: offline
Good day everybody,
I have configured ISA 2004 as a VPN server according to the article found on Microsoft.
I am using ADSL SpeedTouch510. By default this modem will block incoming 1723 and GRE. So I did the following:
quote: To setup a separate PC as the VPN server behind the SpeedTouch 510 or 530, you need to forward the following protocol and ports to your VPN server, by using the NAT page of the modem Web interface as described in the User Guide:
- protocol=tcp port=1723
- protocol=gre
Alternatively, you can use the following CLI commands:
nat create protocol=tcp inside_addr='address of the server PC' inside_port=1723 outside_addr=0 outside_port=1723 foreign_addr=0
nat create protocol=gre inside_addr='address of the server PC' outside_addr=0 foreign_addr=0
But still, from the remote client PC it's giving error 678: There was no answer.
I can ping the SpeedTouch modem from the remote client but can't ping the ISA 2004 VPN server behind it, which is understandable.
I have sent an email to my ISP guys to check if their firewall is blocking any PPTP incoming traffic to my link.
If you think I am missing something in the SpeedTouch settings, please do tell me.
Thanks all.
RE: VPN and Thomson SpeedTouch 510 - 3.Aug.2005 6:31:00 AM
adnan&ISA
Posts: 53
Joined: 8.Jan.2004
Status: offline
OK,
After applying the above-mentioned settings and restarting the ADSL SpeedTouch, at least it's now showing in the ISA logs that a PPTP connection at port 1723 has been initiated by a remote client, but the remote client is still giving the same error:
Error 678: The remote computer did not respond.
After this error, if I look at the ISA log, it shows only that the PPTP connection has been closed.
Any ideas?
RE: VPN and Thomson SpeedTouch 510 - 3.Aug.2005 7:08:00 AM
adnan&ISA
Posts: 53
Joined: 8.Jan.2004
Status: offline
Ok,
From the ISA logs I found out that the error is WSA_RWS_TIMEOUT or FWX_E_TIMEOUT 0x80074E25 Description: A connection was terminated because it was idle for more than the timeout period, or the timeout on an incompleted action expired.
The VPN connection is initiated and I can see it in the logs, but it seems the VPN server is unable to negotiate. Can it be an authentication problem, or a DHCP problem?
RE: VPN and Thomson SpeedTouch 510 - 3.Aug.2005 3:05:00 PM
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi adnan,
It sounds like your ADSL modem incorporates a NAT device. If that's the case, you should first test the VPN connection from a host connected to the same subnet as the ISA external interface. By doing this you can verify that the ISA server is properly configured.
Next, from an external host, try to execute the command 'telnet IP-address 1732'. TCP port 1732 is the listening port for the PPTP control connection. That connection should succeed, otherwise there is something filtering that connection along the path.
HTH, Stefaan
RE: VPN and Thomson SpeedTouch 510 - 3.Aug.2005 5:16:00 PM
ClintD
Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
Heh - a rare slip-up by Stefaan (not that I'm giving you a hard time)
Anyways, also check the Monitoring\Logging section. Add an entry for Client IP Equals %YourClientIP% and see if ISA logs an "Initiated Connection" entry for the request.
Also, don't be afraid to install Network Monitor on the ISA Server - you can also set up a capture filter to only monitor traffic from that Client IP as well and see if ISA sees the incoming packet and if it actually does reply.
RE: VPN and Thomson SpeedTouch 510 - 4.Aug.2005 6:51:00 AM
adnan&ISA
Posts: 53
Joined: 8.Jan.2004
Status: offline
Thanks, gentlemen,
Well, you are right, Spouseele: if I try to make a VPN connection from a host connected to the same subnet as the ISA external interface, everything works fine. Except that to make the network browser service work, I have to allow the NetBios Datagram, NetBios Name Service & NetBios Session protocols from the VPN clients to the Local Host (ISA Server). Is this configuration OK for NetBios vs VPN clients?
So my DSL is NAT enabled... If anybody has any idea how to make VPN passthrough work on this DSL modem, please tell me. Otherwise I have to check with the SpeedTouch support team.
Thanks
RE: VPN and Thomson SpeedTouch 510 - 4.Aug.2005 12:18:00 PM
adnan&ISA
Posts: 53
Joined: 8.Jan.2004
Status: offline
Hi again,
The ADSL SpeedTouch 510 was a NAT-enabled device; I had to search for some CLI commands to disable the NAT.
Everything is working fine now; I can search printers, can browse the network and can also use the Internet from the remote VPN client.
The only thing: what about the VPN clients who are NOT domain members? How are they going to have access to LAN resources? Is it possible?
Thanks again