Posts: 13
Joined: 16.Feb.2005
From: Melbourne, Australia
Status: offline
I have removed all internet access via the unrestricted outbound, leaving only the connection that allows the outbound PPTP connection, and it still doesn't work.
I am having this same problem. The PPTP connection starts to authenticate, then dies with the listed error. I did a clean install of Server 2003 and ISA 2004. I set up allow all internet access rules. I also tried adding specific PPTP rules.
Here are a couple of other wrinkles:
1. I have one extra internal NIC blocked off so that it only allows PPTP traffic. This NIC has a WEP wireless access point on it. The idea is that even if WEP is cracked, a hacker would need a VPN account to get into the network or do any surfing at all. This works great. No issues VPNing from the wireless to the external ISA NIC or the internal NIC being used. All internal and external access rules work.
2. I started having issues initially when I was using ISA 2000 and upgraded from a standard cable modem to an Ambit router provided by my ISP. At that point my connections would always die out after 2 minutes. This happened even when I removed the ISA server from the mix entirely and tried to go directly through the Ambit.
My conclusion is that there are some hardware vendors out there that need to get their acts together. I think the problem may be related to bridging or NAT settings within certain routers/modems. If someone has a workaround, or a better conclusion, let me know.
Posts: 13
Joined: 16.Feb.2005
From: Melbourne, Australia
Status: offline
Hey smokeskull,
I have tried with Netcomm NB1300, Netgear DG814, Dlink DSL-300G, all running in bridge mode, connected to an IPCOP firewall (which all VPN works through when no ISA Server) which in turn is connected to the ISA2k4 server.
Running on Realtek NICs, Dell NICs in a DELL Server, and Nvidia nForce NICs. All of which return this same error.
Even when running PPPoE dialup from the ISA Server box, this still does not work.
I am at the point where the only people that might have an answer is Microsoft and I have to pay to find out why they aren't helping, as I am not the only one having this trouble. So it is definitely reproducible.
If I cannot get this to work in a test environment, I won't be selling this to clients.
I have an ISA 2004 server here with a demand dial net connection and a number of sites (all running ISA 2004 servers) that I need to VPN into from my desktop. I have created an "all outbound access rule" for testing and have a preceding PPTP outbound allow rule. The connection seems to verify, then drops and gives me a 619 error. When I check the ISA FWS logs this is what I get:
I have searched TechNet for the error code and got no results. I googled it and the error code means FWX_E_CONNECTION_KILLED.
From previous searches I remember seeing an article from TechNet describing a similar issue and saying the issue was because ISA (by default) will only pass TCP/UDP traffic, and suggested that adding an outbound rule for the GRE protocol would work... From the looks of the log above the GRE outbound rule has worked and it is now the TCP packet that gets killed using the same rule.
Because I am using my laptop to connect to multiple sites I can absolutely say it's my ISA server that is the problem. I can take my laptop to a net cafe and connect to all of them.