Wish everyone a very happy new year. Coming to my problem, I have been provided with a CISCO VPN Client ver 4.0.3 to log in to my ISP VPN network. I am using ISA 2000 server and an XP client. I am not able to initiate any connection to the ISP VPN IP address. When I use a dialup modem and bypass the ISA server, I am able to connect.
As per the published documents I have enabled IP routing and PPTP through the ISA firewall. Defined two protocols, IKE and NAT-T, and created an L2TP-IPSec Outbound protocol rule. I have also made the XP client a secured NAT. But still it fails. How can I initiate a VPN connection to my ISP? Can I try and create a VPN connection in Windows XP? Please try to help me as this VPN connection is very critical and important for me. Thanks and Regards Vik
2nd question: How can I ping some public IP address from a client, like the ISP DNS Server? I made a firewall client but am still not able to ping any public IP address. I am able to ping from the ISA Server console. Is it a normal scenario? Browsing is working fine.
I am following all the standards as outlined by you for the ISA server. I have an internal DNS Server which is using forward to the ISP DNS Server.
Q2: Ping is ICMP based, not TCP or UDP. Therefore it is not handled by the Firewall client. If you have to support ping, the clients *must* be configured as SecureNAT clients and you *must* enable IP routing on the ISA Server. For more info, check out Allowing Outbound PING and PPTP Connections.
Hi, Q1: I am using a hierarchy network. Every floor has its own VLAN and is using the VLAN IP as its gateway. Fortunately for my Outbound VPN clients I have an ISA server in the same VLAN. In this scenario I can make them act as a secured NAT.
The ISA server external interface is connected to an ADSL modem. The modem has been configured as a bridge device, so I am able to make a dialup connection in the ISA and am using this as the dialup entry for the primary route.
When I am making the client a secured NAT, the ISA server does not dial automatically. While for other clients like firewall or web proxy, the ISA server is able to initiate a dial out. I am able to browse, download mail using Outlook and do all other activities like chat etc. except VPN Outbound. Does this give any kind of clue?
I have enabled IP routing as well as PPTP and created all the protocol definitions and rule as outlined in your document.
Q2. I have also enabled IP routing but am still not able to initiate any ICMP packets like ping to yahoo.com, etc.
I am using a hierarchy network. Every floor has its own VLAN and using the VLAN IP as their gateway. Fortunately for my Outbound VPN clients I have an ISA server in the same VLAN. In this scenario I can make them act as a secured NAT.
When I am making the client as a secured NAT, the ISA server does not dial automatically.
According to the info in the posted KB, a SecureNAT request should trigger ISA to dial the connection. Take note however that I have no experience with dialup connections on ISA.
What is the ISA logging telling you? Make sure you have enabled the logging of the fields Rule #1 (protocol rule) and Rule #2 (Site&Content rule).