I have been working on this for days now ... I have to ISA server ... I want to publish a VPN server but everytime I try to connect to it i get an error 721: computer not responding ... I'm stuck ... I tried to put the VPN server on the ISA server its self but that kills the internet to my network .. I know my ISP allows everything because I have a VPN server at work and I can connect to that ... but I can't connect from work to here ....
this is my network
Client --- ISA Server --- Internet --- Linksys --- VPN Server (this is at work)
but not the other way
VPN Server --- ISA Server --- Internet --- Linksys --- VPN Server
I have port 1723 open and the PTPP check box checked
if someone could help with either problem the ISA Server losing internet if i enable RRAS or publishing the VPN server I would be great ful
to my knowledge you simply cann't publish a VPN server behind ISA. The ISA server must be the VPN endpoint. This is by design.
I have different installations running with ISA as VPN endpoint for external VPN clients, enabled PPTP passthrough for outbound VPN access and have never see that ISA is losing Internet connectivity in such a configuration. How have you installed the VPN? Through the ISA VPN wizard?
Well The problem is not ISA server ... its RRAS ... this has always happened ... I install ISA server ... then if RRAS is turned on in anyway ... following the manuals online of just opening it up ... I lose internet connection everywheree on the network ... my ISA is in intergrated mode .... i want it to do secureNAT and VPN ... i thought that it was my windows install but so i fdisked and installed again ... but i lost it again ... when i was just using NAT with windows2000 I lose everything when I turned VPNs on
Your problem isn't RRAS, its DNS. Check the DNS entries for your ISA Server on the DNS server, and you'll see some things which should explain your situation. The fast way to fix the problem is to disabled DDNS. There are slower ways, too
I've never seen such a problem myself. However I'm very curious what is causing that behaviour.
Because I don't know your installation, lets start with the beginning. I hope you have setup the ISA interfaces properly. Check out http://www.isaserver.org/pages/articles.asp?art=67 and pay attention to the binding order, default gateway, DNS and WINS settings. Oh, don't forget to check the LAT also.
Next, thoroughly test the name resolving from ISA server itself. This should work without any problem. Also check out Tom's hint: check the DNS entries for your ISA Server on the DNS server with and without an active VPN connection. Do you see any difference?
Well.... I redid everything ... fresh 2k install all updates fresh ISA install SP1 and the same thing ... nothing weird is going on in DNS ... and I'm stuck I almost think its my network card for some reason so I'm going to get another tomorrow ... but I'm stuck .... any more idea ... i would love them ... thanks again everyone
for some reason ... and right now i don't care ... when VPN (RRAS) was enabled ... it erased the 0.0.0.0 entry in the routing list ... this as we know is the default gateway ... meaning that i can't connect to anyone out side my subnet ... which answers all the problems ... now how to fix that ... well thats simply ... i just added a 0.0.0.0 static route in RRAS
This maybe close to what my problem is, but not sure.. I have internet connection for like 5 mins, then shuts off for 5 mins, then comes back (its a cycle) I hope tom answers my other post as well. For this static route the 126.96.36.199 is the external IP of my NIC on the firewall, and the other 209.xxx.xxx.xxx address is the address of my external switch where my ISA plugs into. Is this right?
Win2k VPN config is so easy, its got to be a very small detail that's left out or not configured. Probably just a matter of getting another pair of eyes who knows Win2k VPN setups well to go over your configuration. I doubt such a consultantion would take more than a couple of hours.
Here's a suggestion. Configure a lab using VMware and recreate your situation. Configure the VPN gateways just as you would in your live environment. In the lab you'll see how the process works and get some insights that you might not have had before. I always mirror my ideas in a VMware lab before I roll it out at a customer site. I usually learn a lot about the process and try to make as many mistakes as possible, so that I'm prepared for the live network setup You really do get a deeper understanding after you've run through a few exact and similar scenarios in the lab. Once you have that "hands-on" experience with the design you want, then its a lot easier rolling it out in the production environment.