• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

PPTP outbound

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> VPN >> PPTP outbound Page: [1]
Login
Message << Older Topic   Newer Topic >>
PPTP outbound - 24.Jan.2006 4:34:10 PM   
nicopag

 

Posts: 21
Joined: 4.May2002
From: Uruguay
Status: offline
Hi, I am needing to connect though my ISA 2004 to another ISA 2000 using PPTP.
When I try the connection, hangs veryfying username and password and next error 721.
Failed connection attempt
I try to do it with another firwall and everything its OK, no problem.
WHAT SHALL I OPEN to connect throught ISA 2004?
I made a rule with ALL TRAFFIC IP and nothing!.
I read all the forums in this 2 days and nothing.
Please let me know what shall I do-
Post #: 1
RE: PPTP outbound - 24.Jan.2006 9:11:01 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi nicopag,

make sure that:
1. the client is configured as a SecureNAT client.
2. the Firewall client is disabled (if installed).
3. a Firewall rule on ISA allows the PPTP protocol.

HTH,
Stefaan

(in reply to nicopag)
Post #: 2
RE: PPTP outbound - 25.Jan.2006 11:54:56 AM   
nicopag

 

Posts: 21
Joined: 4.May2002
From: Uruguay
Status: offline
Hi spouseele,

1. Mi Pc client is configured as secureNAT client, since it have the default gateway the internal NIC of the ISA
2. I dont have firewall client installed
3. I have a rule that permit ALL traffic
4. I have added another rule that permit GRE and PPTP

nothing works, when I try the conenction stop in " veryfying username and password
In the isa monitoring:

Dest Port      Protocol                                Action
        0                  GRE               Failed Connection Attempt

in the Fw log:
GRE    192.168.1.109    200.x.x.x    192.168.1.109    Internal    External    Failed    0x80070034    Salida VPN    GRE    0    0    0    0

:)
Thanks


(in reply to nicopag)
Post #: 3
RE: PPTP outbound - 26.Jan.2006 12:03:30 PM   
nicopag

 

Posts: 21
Joined: 4.May2002
From: Uruguay
Status: offline
spouseele, do you know how can I make this work?

Thanks

(in reply to spouseele)
Post #: 4
RE: PPTP outbound - 26.Jan.2006 1:01:35 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi nicopag,

check out http://download.microsoft.com/download/3/7/b/37b0cbc4-e578-4082-a779-de4fbe876f06/isa2004se_vpnkit-rev%201%2004.doc, I believe it is chapter 6 'Configuring the ISA Server 2004 Firewall for Outbound PPTP and L2TP/IPSec Access'.

HTH,
Stefaan

(in reply to nicopag)
Post #: 5
RE: PPTP outbound - 26.Jan.2006 2:32:00 PM   
nicopag

 

Posts: 21
Joined: 4.May2002
From: Uruguay
Status: offline
Hi, I have that doc and also an access rule that permite PPTP and GRE.
In my desesperation I created a rule taht permite ALL IP TRAFFIC.
When I try to connect, stop verifying username and password!.
Please, how can I fix somthing so simple like this!?
If I use another firewall to connect, NO PROBKLEM, so the ISA 2000 in the other side is correct.

(in reply to spouseele)
Post #: 6
RE: PPTP outbound - 30.Jan.2006 7:51:18 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi nicopag,

is there some more info in the ISA log regarding the 0x80070034 error code?

HTH,
Stefaan

< Message edited by spouseele -- 30.Jan.2006 7:53:52 PM >

(in reply to nicopag)
Post #: 7
RE: PPTP outbound - 30.Jan.2006 7:59:19 PM   
nicopag

 

Posts: 21
Joined: 4.May2002
From: Uruguay
Status: offline
NOP

(in reply to spouseele)
Post #: 8
RE: PPTP outbound - 31.Jan.2006 7:52:20 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi nicopag,

I don't find much information about that error code except in the context of a server publishing rule (socket already in use). Hopefully, somebody drops in who had experienced a simular issue.

Thanks,
Stefaan

(in reply to nicopag)
Post #: 9
RE: PPTP outbound - 31.Jan.2006 8:07:08 PM   
nicopag

 

Posts: 21
Joined: 4.May2002
From: Uruguay
Status: offline
Great, but I think that is not possible make this with ISA 2004 because if I try with another firewall everything its ok.
The problem is the ISA SERVER 2004
If I make a rule that permit all the traffic doesnt work, so what can I do??

(in reply to spouseele)
Post #: 10
RE: PPTP outbound - 31.Jan.2006 8:15:49 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi nicopag,

I suggest you call Microsoft PSS if you don't find an answer on this board or the ISAServer.org Discussion List.

Thanks,
Stefaan

(in reply to nicopag)
Post #: 11
RE: PPTP outbound - 6.Feb.2006 9:28:16 PM   
rtmorgan

 

Posts: 11
Joined: 11.Jun.2001
Status: offline
Interesting...  I was having the same problem as nicopag.  I had tried all the same things, followed the instructions in that document, etc. 

After I posted this initial message I decided to add an incoming PPTP rule for the heck of it and it worked.  I know that might sound dumb, but after reading several posts on various message boards as well as the document referenced above and a KB article I had never seen that mentioned.  Anyway, I'm not sure why I finally decided to try that, but it works.  So nicopag take the rule the document tells you how to create and make another one , but reverse it to allow PPTP from External to Internal.

Rusty

< Message edited by rtmorgan -- 6.Feb.2006 9:37:54 PM >

(in reply to spouseele)
Post #: 12
RE: PPTP outbound - 8.Feb.2006 1:08:19 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

ORIGINAL: spouseele
2. the Firewall client is disabled (if installed). 

hi Stefaan,

why u need to disable the FWC !! , i have the FWC client installed on all machine and all the users that needs to establish VPN connection to another ISA , they can do it without disabling the FWC.

I Only need to Disable the FWC when iam using Cisco Client to VPN a PIX FW.

(in reply to spouseele)
Post #: 13
RE: PPTP outbound - 8.Feb.2006 3:45:20 PM   
warren@lws.co.za

 

Posts: 38
Joined: 30.Sep.2002
Status: offline
HI,

Funny, I have just installed ISA 2004 and have the same problem. I cannot get PPTP to work through ISA 2004. Have followed the Ms article. I will try the PPTP inbound and see if that works

Thanks

Warren

(in reply to elmajdal)
Post #: 14

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> VPN >> PPTP outbound Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts