• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Outgoing PPTP

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Outgoing PPTP Page: [1]
Login
Message << Older Topic   Newer Topic >>
Outgoing PPTP - 20.Sep.2006 11:59:32 PM   
jconley

 

Posts: 5
Joined: 20.Sep.2006
Status: offline
I'm trying to configure our ISA Server to allow outgoing PPTP tunnels but I can't seem to get it to work. The VPN client keeps spitting back error 619. The ISA Server is a VPN terminator for incoming connections and that side of things works great. Any thoughts? I've looked through every dialog I could find, but so far no magic "allow PPTP pass through" setting has been found.
Post #: 1
RE: Outgoing PPTP - 21.Sep.2006 12:00:53 AM   
jconley

 

Posts: 5
Joined: 20.Sep.2006
Status: offline
I should point out that the obvious setting up of an Allow policy for outgoing PPTP across the appropriate networks has been done. Also, we do not run the firewall client at all, these are all anonymous NAT users.

(in reply to jconley)
Post #: 2
RE: Outgoing PPTP - 21.Sep.2006 5:42:44 PM   
alans

 

Posts: 67
Joined: 8.Mar.2006
Status: offline
Need more information.

Do you have a direct line out from the ISA or are is it going through an router. The problem might be the router doesn't support GRE that is required for VPN.

If isa as direct access to the internet there shouldn't be a problem

Regards,

Alans

(in reply to jconley)
Post #: 3
RE: Outgoing PPTP - 21.Sep.2006 7:08:18 PM   
jconley

 

Posts: 5
Joined: 20.Sep.2006
Status: offline
The ISA Server has two NIC's. One is internal, one is external. The external NIC has our 5 external static internet routeable IP's and is connected directly into a Netopia DSL modem/bridge/gateway. VPN does work through this device and if I unplug the ISA server and plug back in our old gateway (Linux based system) it works fine. I'm sure I'm just missing some configuration somewhere in the ISA machine. Like I said earlier it does work for terminating incoming PPTP VPN's just great, I just can't get an outgoing one to make it through.

(in reply to alans)
Post #: 4
RE: Outgoing PPTP - 21.Sep.2006 8:02:32 PM   
alans

 

Posts: 67
Joined: 8.Mar.2006
Status: offline
Hi,

If all the networks and network rules are correct and the access rule allows the traffic you shouldn't have any problem connecting out.

I'm running ISA 2004/2006 at home at the office and at about 50 clients no problem it just may be a small configuration problem.

Make sure everything is defined correctly and maybe check the logs to see the error message. It should also state the source network is Internal and the Destination must be external.

Regards,

Alans


(in reply to jconley)
Post #: 5
RE: Outgoing PPTP - 21.Sep.2006 9:50:38 PM   
jconley

 

Posts: 5
Joined: 20.Sep.2006
Status: offline
I guess my issue is that I don't know what the correct network rules and address rules are for routing PPTP in ISA. In fact I even have an "everything outbound" policy that allows any protocol from any internal network to go to any other network. This seems to work for every other protocol. I assumed this would cover it, but I must be missing something. Is there a guide somewhere (that's relevant to 2006) or a sample configuration I can look at?

(in reply to alans)
Post #: 6
RE: Outgoing PPTP - 22.Sep.2006 4:44:59 PM   
alans

 

Posts: 67
Joined: 8.Mar.2006
Status: offline
Yes you can get toms book for ISA 2004 through amazon.

you should find tons of articles on this web site and on the internet.

Happy hunting


(in reply to jconley)
Post #: 7
RE: Outgoing PPTP - 22.Sep.2006 6:49:39 PM   
jconley

 

Posts: 5
Joined: 20.Sep.2006
Status: offline
Site to Site VPN's don't appear to be working either. So it's basically all outgoing VPN's. Is there an issue or some considerations that need to be done to accept incoming VPN's and allow PPTP Passthrough on the same ISA Server?

(in reply to jconley)
Post #: 8
RE: Outgoing PPTP - 24.Sep.2006 7:20:19 PM   
alans

 

Posts: 67
Joined: 8.Mar.2006
Status: offline
Hi,

GRE is required. I think you might have a problem with GRE. have you tried L2TP?

Regards,

Alan

(in reply to jconley)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Outgoing PPTP Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts