I am trying to set up VPN on my ISA Server, following the instructions laid out in "Configuring ISA Server 2000" and Shinder's "Inbound VPN Calls" article. But when I fire up the RRAS service, it is like ISA Server stops talking altogether. I have to stop the RRAS service and reboot to get back online.
Here is my setup: ISA Server with two NICs. Internal NIC has 10.x.x.x address External NIC has 216.x.x.x address
RRAS is running on the ISA Server. RRAS is set up with 10 PPTP ports (since I have a number of Win98 clients still). The PPTP ports are set to "inbound only" and the phone number is the internal 10.x.x.x address.
Our DHCP server is on the same segment as the internal NIC. I followed the instructions for the General tab (to have both Router and RAS checked). And "Enable IP routing" and "Allow IP-based remote..." are checked on the "IP" tab.
Our network is so simple (every server is on the same segment as the internal NIC) that I don't see what the problem is.
Here are some of the errors that appear in the log:
Wow, this is almost exactly the same problem i am having. Only as soon as the VPN client connects it kills internet access for everyone on the internal network. I didn't see where it said to configure this: The PPTP ports are set to "inbound only" and the phone number is the internal 10.x.x.x address.
Ok, I removed the ip address from the phone number entry but starting RRAS still took the ISA server offline. Does anyone think it would help to uninstall RRAS, then going into ISA Manager and have it reinstall it?
From: Los Angeles
Hi, I am having the same problem. If I use the wizard for allowing vpn clients its ok. However, If I use the wizard for setting up local and remote vpn servers then it kills DNS resolution for that box and internet access for the whole company. Is it something in the packet filters? Any advice will be greatly appreciated. Dusty
From: Portland OR 97209
I beleive this is the problem we are having one thing I did notice is when I ping our isa server by its name it comes back with an ip address that is in the vpn range not the one that is should be assigned to the internal nic card.
From: Seattle,Wa, USA
hmm.the last post makes me think that the network provider order might be incorrect. Go into network and dial up settings- advanced- advanced settings- make sure the internal nic is first under connections in the list. If not move it up in the list.