I have a very critical problem. Recently I had to rebuild my ISA2004 SP2 server, which is a member of a domain. I decided not to export and import the old configuration, and instead start it all over.
Well, after setting up the rules, everything is working fine, except for VPN clients with PPTP. I can connect and authenticate VPN Clients with no problem. But now comes my problem: when I have connected and been validated I cannot access anything on the internal network (even using IP address). I've created rules that allow anything from ALL USERS from VPN Clients to the Internal network and Local host, but it seems like my traffic is disappearing. The users can get connected, get an IP address (which is static), validate in AD, and, one important thing: THEY CAN ACCESS ISA SERVER (ping, RDP, etc), but not access internal servers and resources. When I monitor the traffic in ISA Server for VPN Clients, nothing is shown to Internal Network. YES, there's nothing in monitoring logging.
But here is the setup:
ISA 2004 with SP2, which is a member of the domain. Public interface is set up with a public IP address and default gateway on the same subnet, obviously.
Internal interface: IP 192.168.0.1/24
VPN Clients Static Pool 192.168.100.10 to 192.168.100.20
The ISA server can ping and make nslookup on all the infrastructure internal servers.
If anyone has a suggestion what I might need to set or how I can troubleshoot it, I would be very grateful.
I've been through the guides on this forum, the books, MS VPN deployment guide, and MS Premier Support Site. And I can't find the error. Thanks in advance for any suggestion that can point me in the right direction. If you miss any information about the setup, ask and I will try to give it.
Check out whether you can ping to your DHCP from ISA. You have to make it timeless for a few minutes. Use this command from the Dos. Ping (name of the DHCP server) /t. See whether the pinging breaks in between. Create a computer object for your DHCP server in the Computer list. Edit the system policy DHCP and make sure that it is enabled. Add the DHCP server to From option tab of the DHCP system rule.
Is the ISA server the default gateway for your LAN network?
You could try and change the relationship between the VPN and Internal network to NAT instead of route and see if that solves anything. If it works it's probably because your internal network doesn't know that the ISA server should be default gateway for the VPN network.
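The return-path question raised in the reply above, as an added example that is not part of the original thread: it runs a longest-prefix route lookup over `route print`-style rows to see whether an internal host would send replies for a VPN pool address back through the ISA internal interface. The internal host 192.168.0.50, the other router 192.168.0.254 and both route tables are constructed for illustration; only 192.168.0.1 and the 192.168.100.10 pool address come from the post.

```python
import ipaddress

ISA_INTERNAL = "192.168.0.1"    # ISA internal interface, from the post
VPN_CLIENT = "192.168.100.10"   # first address of the static VPN pool, from the post

# Constructed rows (destination, netmask, gateway, interface, metric) for a
# hypothetical internal server 192.168.0.50 whose default gateway is another
# router (192.168.0.254) rather than the ISA server.
ROUTES_OTHER_GW = """
          0.0.0.0          0.0.0.0    192.168.0.254    192.168.0.50     10
      192.168.0.0    255.255.255.0     192.168.0.50    192.168.0.50     10
"""

# Same constructed host after a static route for the VPN pool via ISA is added.
ROUTES_WITH_STATIC = ROUTES_OTHER_GW + """
    192.168.100.0    255.255.255.0      192.168.0.1    192.168.0.50      1
"""

def parse_routes(text):
    """Return (network, gateway, metric) for every well-formed five-column row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank lines and header rows
        dest, mask, gateway, _iface, metric = fields
        try:
            routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gateway, int(metric)))
        except ValueError:
            continue  # not a route row
    return routes

def next_hop(text, dst):
    """Gateway chosen for dst: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in parse_routes(text) if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def replies_reach_isa(text):
    """True when replies to the VPN client leave via the ISA internal address."""
    return next_hop(text, VPN_CLIENT) == ISA_INTERNAL

if __name__ == "__main__":
    for name, table in (("other gateway", ROUTES_OTHER_GW), ("static route", ROUTES_WITH_STATIC)):
        print(name, "->", next_hop(table, VPN_CLIENT), "| via ISA:", replies_reach_isa(table))
```

With a route relationship, a host in the first state sends its replies to the other router, so the VPN client never sees them; with NAT the internal host answers the ISA address on its own subnet instead.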
Although Trend Micro Office Scan was removed from the server before ISA was installed, for some reason a DLL that enables the firewall feature was still active in Kernel Mode, and this was preventing any connection from the external world to the internal network, including connections that were made by VPN clients.
After killing this DLL, everything started to work fine.
Thanks everyone for the attention. Best regards, Bruno.