[isalist] Re: Outgoing VPN...

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 22 Jan 2008 13:29:33 -0800

My guess is that you aren't -- you said you changed to SNAT client,
which means you'll only be able to use IP sets to restrict computers,
not "authenticated" users.  You'll need to load the FWC for that.



t



From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thor (Hammer of God)
Sent: Tuesday, January 22, 2008 1:21 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Outgoing VPN...



Ah, I see... You can specify  - how are you authenticating?



t



From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Tom Rogers
Sent: Tuesday, January 22, 2008 1:12 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Outgoing VPN...



But why can you NOT specify a subset of users?

        

________________________________

        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
        Sent: Tuesday, January 22, 2008 3:57 PM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: Outgoing VPN...

        Tada :)

        

        t

        

        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers
        Sent: Tuesday, January 22, 2008 12:50 PM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: Outgoing VPN...

        

        I double checked the user list and I had a subset of users
allowed for this rule (not All Users) - when I changed to ALL USERS, I
am now connected to the remote VPN !

                

________________________________

                From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
                Sent: Tuesday, January 22, 2008 3:06 PM
                To: isalist@xxxxxxxxxxxxx
                Subject: [isalist] Re: Outgoing VPN...

                Hey Tom - are you sure it's PPTP and not LT2P?  What
does the log say when you attempt the connection?

                t

                

                From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers
                Sent: Tuesday, January 22, 2008 11:55 AM
                To: isalist@xxxxxxxxxxxxx
                Subject: [isalist] Outgoing VPN...

                

                Trying to get an outgoing VPN connection to work through
ISA 2006 on a W2K3 SP2 server. I have the outbound access rule setup
as...

                

                VPN Outbound

                Allow

                PPTP

                GRE (VPN) - [User-Defined, IP-Level 47 Send Recv]

                From - Internal

                To - External

                All Users

                Always

                All Content Type.

                

                I have disabled the Firewall Client software, removed
the ISA settings in IE Connections, and set my PC up as a SecureNAT
Client. It now takes alot longer to fail now, before I made the PC a
SecureNAT client, it would fail immediately.

                

                Currently I am getting an 800 Error.

                

                I bypassed the ISA 2006 server and was able to make the
connection immediately with no issues.

                

                Any advice would be appreciated.

                

                TIA,

                

                -TRogers

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 01-2008