• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Intermittent VPN traffic issue

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> VPN >> Intermittent VPN traffic issue Page: [1]
Login
Message << Older Topic   Newer Topic >>
Intermittent VPN traffic issue - 3.Oct.2006 11:07:53 PM   
sdepot

 

Posts: 2
Joined: 3.Oct.2006
Status: offline
We are running ISA Server 2004 on a 2003 SP1 machine.  We have set up PPTP VPN access with a quarantine.  The only way to get out of the quarantine currently is by being in an exempted group.  We have been having an intermitten issue where a user connects to the VPN server, and is issued a DHCP address for our network.  After that point, they cannot use any of the resources that should be available to a quarantined user (ie: RDP, HTTP, etc).  They can ping internal devices, and they can do nslookups, but no other traffic seems to get through.  This has happened to both quarantined and non-quarantined users. 

Sometimes just disconnecting, waiting a few minutes and then reconnecting will solve this problem.  Othertimes it is persistent for the user.  At the same time, we will have other users not experiencing the problem (both quarantined and non-quarantined).  It seems to be more common on some users' machines than others (mostly running Windows XP SP2).

We applied ISA service pack 2 and several hotfixes to see if the issue would resolve, but have had no success.  Any ideas?
Post #: 1
RE: Intermittent VPN traffic issue - 9.Oct.2006 9:31:25 AM   
sdepot

 

Posts: 2
Joined: 3.Oct.2006
Status: offline
We have found the problem to be the Firewall Client.  This has mostly happened to laptop users.  They use the Firewall client when they are on our network to authenticate and get out to the Internet.  Then they take their laptop home, and try to connect.  If the Firewall client is running, then as soon as it finds the ISA server, they cannot get any tcp traffic to go out.  If they disable it, then they can do anything their group is allowed to do. 

To explain the intermittent part, when running the FWclient and connecting to vpn it takes a few seconds for the VPN client to find the ISA server.  During this time, the user can establish TCP connections to various resources (eg: terminal services).  If they have an established connection, even after the client finds the ISA server, their connection continues.  If they disconnect from their terminal service session, they cannot reconnect to it without disconnecting and reconnecting their VPN session (or disabling the firewall client of course).

It seems like Microsoft would have had the foresight to allow the Firewall client to work through a VPN session, or at least not cause a problem like this..

(in reply to sdepot)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> VPN >> Intermittent VPN traffic issue Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts