• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Problem connecting to ISA 2K4 VPN behind ADSL Router

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> VPN >> Problem connecting to ISA 2K4 VPN behind ADSL Router Page: [1]
Login
Message << Older Topic   Newer Topic >>
Problem connecting to ISA 2K4 VPN behind ADSL Router - 26.May2006 10:21:35 PM   
elemist

 

Posts: 3
Joined: 26.May2006
Status: offline
My setup:
Internet (VPN clients over DynDNS) -> ADSL router (192.168.2.1) -> (192.168.2.101 - DMZ) ISA Server (192.168.1.101) -> local network

I followed all instructions provided by various how to s
(network connection vpn-internal, firewall rule all access, VPN login privileges to certain group, user in that group to connect...)

everytime i try to connect to the vpn it comes as far as
"verifying user & password"
then it stops with error 721
"remote computer not responding"

what could be the reason for this error?

thanks!

elemist

< Message edited by elemist -- 26.May2006 10:26:10 PM >
Post #: 1
RE: Problem connecting to ISA 2K4 VPN behind ADSL Router - 26.May2006 11:29:27 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi elemist,

if I got your configuration right, ISA server is behind a NAT device (the ADSL router). Correct?

If so, what VPN protocol are you using? If it is PPTP make sure that TCP port 1723 and IP protocol 47 (GRE) is forwarded to the ISA external interface. If it is L2TP/IPSec check out the following MSKB's:


HTH,
Stefaan

(in reply to elemist)
Post #: 2
RE: Problem connecting to ISA 2K4 VPN behind ADSL Router - 27.May2006 12:19:37 AM   
elemist

 

Posts: 3
Joined: 26.May2006
Status: offline
First of all...
Thanks for this immediate answer

I have both IPSec AND pptp activated on my ISA server
As i wrote in my network setup map the ISA server computer is a demilitarized zone which is set to forward everything
so there shouldn't be any problems with the forwarding of the connection data
after all ISA is my network firewall, so it seems natural not to protect it to the internet and let itself control the traffic

I somehow managed to solve the connection problem with the vpns
(i guess it had something to do with the IP settings i had...  DHCP server didn't work, now a IP range does)
but now i'm facing some other troubles...
for instance that the VPNs can neither communicate with the server nor with each other through VPN
they are shown as successfully connected in ISA and they also get there IPs out of the range i defined
but not even one single echo command is able to reach them...

i'd appreciate any information that might help with this

thanks

elemist

(in reply to elemist)
Post #: 3
RE: Problem connecting to ISA 2K4 VPN behind ADSL Router - 7.Jun.2006 7:52:02 PM   
elemist

 

Posts: 3
Joined: 26.May2006
Status: offline
Hasn't anyone ANY idea what could cause this communication prpblem between the VPN clients and between them and the server?

elemist

(in reply to elemist)
Post #: 4
RE: Problem connecting to ISA 2K4 VPN behind ADSL Router - 8.Jun.2006 4:50:14 AM   
BaoJS

 

Posts: 1
Joined: 3.Jun.2006
Status: offline
Hi elemist, i've in a same situation like you. My setup like this :

Internet (VPN clients over DynDNS) -> ADSL router (192.168.1.8) -> (192.168.1.1 - WAN) ISA Server (10.10.0.1) -> local network

I've setup same like you, on my local network 10.10.0.x i've a DC 10.10.0.1. I install IAS on this DC and setup for this verify ISA 2004 to IAS client. On my ISA 2004 i point to DC to recognize IAS server. On my ADSL modem i've forward TCP port 1723 and IP protocol 47 to my ISA WAN interface.

But every time i try to connect it stop with error 678 or 721.

If i using RRAS on my DC(10.10.0.2) and on my ISA i created a Server publishing rule to publish a PPTP server on 10.10.0.2 then i try to connect, it's successfuly. But in this solution i've using VPN over RRAS on my DC not VPN on my ISA 2004.

I've read all article about created VPN on isaserver.org and i'm check my config to make sure it's correct but VPN not working. I'm really confuse. I've talk with my friend and he try setup VPN over ISA 2004 (but he using IP public with him's broad brand connection)

Anyone try to setup VPN with DDNS before, could you explain and correct for me if i'm wrong. Tks in advance :)   

(in reply to elemist)
Post #: 5
RE: Problem connecting to ISA 2K4 VPN behind ADSL Router - 11.Jun.2006 1:47:39 AM   
giabetiu

 

Posts: 1
Joined: 11.Jun.2006
From: The Netherlands
Status: offline
Hello everybody
 
I didn’t use yet ISA technology. Myself I also was looking for creating a vpn connection (in my case I actually want to have a tunnel between a pix and an ISA2004 server from a remote location, but this ISA is behind an ADSL router that of course is doing NAT).
 
I started first a with the concept and feasibility part.
There are 3 VPN technologies I know:
-         IPSec tunnel
-         L2TP/IPSec
-         PPTP
 
I started to analyze if IPSec would be possible to use. And if so, AH and/or ESP limitations/requirements.
The teory will say:

IPSec transport mode

AH – will do a hash(will sign)entire packet (IP, TCP/UDP, Data) --> cannot cross a router or NAT since either of those will modify at least one of those fields.
ESP- will also have sign TCP/UDP header and Data
IPSec tunnel mode:

Will add an extra IP header to support passing routers
 
--> a NAT process (any change) to a packet will automatically invalidate it at reception
 
Microsoft released an update (supporting NAT-T) that will allow L2TP/IPSec client to exist in a NATed network. (http://support.microsoft.com/?id=818043). However, the VPN server that will be IPSec based, cannot stay in a NATed network.
 
Conclusion would be:
-         if you have ADSL router (one dynamic IP) and behind of it your VPN server (ISA) then you cannot choose IPSec based solution. Possible (theoretically should work, practically I have to see) to use PPTP
-         if you have an ADSL modem only (not a router), and you connect your VPN server to it (your external network interface of your ISA will be then a public IP) any vpn should work (ok… still limitations for IPSec tunnel if the address will change too often)
-         If you have an SDSL that normally will allow you more public IPs then put your VPN server in a DMZ, assign it a public IP and would be no problem with IPSec.
 
 
I hope that my in depth analysis can help.
 

_____________________________

Gia Betiu
MCSE, CNE

Share Dimension
www.sharedimension.com

(in reply to BaoJS)
Post #: 6
RE: Problem connecting to ISA 2K4 VPN behind ADSL Router - 6.Nov.2006 4:18:05 PM   
habibalby

 

Posts: 144
Joined: 20.May2006
From: Kingdom of Bahrain
Status: offline
hi Guys,

Anyone of you has got solution for this problem?

I have the same ISA Server 2004 Setup with 3 NIC's, LAN, WAN and DMZ.

All the setup is fine, except connecting to ISA Server from Public Network to my Dynamic IP which is updated by No-IP.Com

BR,

Habibalby

(in reply to giabetiu)
Post #: 7
RE: Problem connecting to ISA 2K4 VPN behind ADSL Router - 13.Nov.2006 7:13:15 AM   
jineshk

 

Posts: 8
Joined: 20.Oct.2006
From: google
Status: offline
Hi
I have ISA 2004 installed in our network and also configured and everything was working fine.

Since I am using a router called Aztec and it is taking too much time to update my DNS(dyndns.org), yesterday we have changed our router to Linksys WAG200G where there is DDSNS option in router itself.

Once I installed this new router vpn clients cannot establish a connection with my ISA, i done all steps including port forwarding, 50,50,500 1723 ports forwarded, but still not working.

Is there somebody can help to solve this issue

Jinesh Kumar

(in reply to elemist)
Post #: 8
RE: Problem connecting to ISA 2K4 VPN behind ADSL Router - 13.Nov.2006 2:05:47 PM   
habibalby

 

Posts: 144
Joined: 20.May2006
From: Kingdom of Bahrain
Status: offline
hi jineshk,

Could you please explain little in details how is your network setup? Your ISA has got two Interfaces, one is for External and the other for Internal? As there are so many factors that won't keep you to be connected to your VPN Server.
  • It could be your VPN Settings in ISA itself.
  • It could be the DHCP Server, are you using DHCP or manually assigned IP's?
  • Have you installed the DHCP-Relay Agent and selected the Internal Interface to provide IPs?
  • What protocols you have selected? PPTP or L2TP?
  • Have you assigned a VPN Group to be able to dial-in to ISA VPN?
  • Did you select the External Interface of ISA to listen for VPN Connection?
  • What Authenitication are using, RADIUS ? or only AD

If you can give some justification we will be glad to help to our optimum level .

BR,

Habibalby

(in reply to jineshk)
Post #: 9
RE: Problem connecting to ISA 2K4 VPN behind ADSL Router - 17.Nov.2006 10:49:22 AM   
jineshk

 

Posts: 8
Joined: 20.Oct.2006
From: google
Status: offline
Hi
Thank you very much, I got problem solved.

I have enabled DMZ port in my router and forwarded my ISA external IP from that port.

After that VPN clients are able to connect now to server

thanks for your reply

regards

Jinesh Kumar


_____________________________

Jinesh Kumar

(in reply to habibalby)
Post #: 10
RE: Problem connecting to ISA 2K4 VPN behind ADSL Router - 17.Nov.2006 11:46:17 AM   
habibalby

 

Posts: 144
Joined: 20.May2006
From: Kingdom of Bahrain
Status: offline
Glad to hear that, what was the problem?
BR,
Habibalby

(in reply to jineshk)
Post #: 11

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> VPN >> Problem connecting to ISA 2K4 VPN behind ADSL Router Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts