[isalist] Re: ISA 2004 > SSL-VPN > Terminal Services

• From: Jim Harrison <Jim@xxxxxxxxxxxx>
• To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 9 Oct 2007 06:42:49 -0700

http://www.ISAserver.org
-------------------------------------------------------

Is the Sonicwall using PPTP or IPSec?
For IPSec, only IPSec NAT-T can pass through a NAT path, such as a default ISA 
installation.
PPTP has no such limitation, _but_ if the Sonicwall or the client misuse the 
PPTP protocol, the ISA PPTP filter will break the connection.

Tom; surely you're not siuggesting that he disable PMTU discovery?  That's 
exactly what the article instructs...
If this is a clean ISA 2006 installation, you _shouldn't_ have to mess with 
that value, since ISA stopped messing with it as of SP3 (includes ISA 20006).  
If you do a live search for "isa enablepmtudiscovery", you'll find lots of 
blogs, articles, etc. that discuss this one.

Jim
________________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of 
Thomas W Shinder [tshinder@xxxxxxxxxxx]
Sent: Tuesday, October 09, 2007 4:39 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services

http://www.ISAserver.org
-------------------------------------------------------

Hi Joseph,

By default, fragmented packets are allowed, however you do have the
option to block them.

You can also enable PMTU discovery on the ISA Firewall by configuring
the Registry

http://www.microsoft.com/technet/community/columns/cableguy/cg0704.mspx

HTH,
Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)



> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of ISA
> Sent: Monday, October 08, 2007 2:11 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] ISA 2004 > SSL-VPN > Terminal Services
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> I have an ISA 2004 in front of an SSL-VPN (SonicWall) box for the
> purposes of publishing Terminal Services and File Shares.
>
> However, when I called SonicWall Tech support to report that the TS
> sessions were terminating with "Internal Protocol Error"
> messages - they
> asked me to check: 1) the MTU limits and 2) If I'm allowing fragmented
> packets.
>
> Can someone please tell me how I can check that on the ISA server?
>
> I greatly appreciate the help.
>
> Joseph Danielsen
> ------------------------------------------------------
> List Archives: http://www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

• References:
  • [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services
    • From: Thomas W Shinder

Other related posts:

• » [isalist] ISA 2004 > SSL-VPN > Terminal Services
• » [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services
• » [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services
• » [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services
• » [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services
• » [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services
• » [isalist] ISA 2004 > SSL-VPN > Terminal Services

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page
• » View list details
• » Manage your subscription