[isalist] Re: Outgoing VPN...

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 22 Jan 2008 20:44:00 -0800

http://www.ISAserver.org
-------------------------------------------------------

Well, you can authenticate if you have separate rules to carve out GRE,
right?

t

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Tuesday, January 22, 2008 6:13 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Outgoing VPN...
> 
> http://www.ISAserver.org
> -------------------------------------------------------
> 
> You can't authenticate outbound VPN because:
> 1. VPN traffic is not handled by the web proxy
> 2. the ISA FWC is required to authenticate non-web proxy traffic
> 3. the ISA FWC only handles TCP and UDP and that only for traffic
> processed by Winsock
> 4. PPTP includes IP-47 (GRE), which is neither TCP nor UDP
> 
> Thus, you can't authenticate PPTP traffic.
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers
> Sent: Tuesday, January 22, 2008 1:12 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Outgoing VPN...
> 
> But why can you NOT specify a subset of users?
> 
> 
> ________________________________
> 
>         From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
>         Sent: Tuesday, January 22, 2008 3:57 PM
>         To: isalist@xxxxxxxxxxxxx
>         Subject: [isalist] Re: Outgoing VPN...
> 
> 
> 
>         Tada :)
> 
> 
> 
>         t
> 
> 
> 
>         From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers
>         Sent: Tuesday, January 22, 2008 12:50 PM
>         To: isalist@xxxxxxxxxxxxx
>         Subject: [isalist] Re: Outgoing VPN...
> 
> 
> 
>         I double checked the user list and I had a subset of users
> allowed for this rule (not All Users) - when I changed to ALL USERS, I
> am now connected to the remote VPN !
> 
> 
> 
> ________________________________
> 
>                 From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
>                 Sent: Tuesday, January 22, 2008 3:06 PM
>                 To: isalist@xxxxxxxxxxxxx
>                 Subject: [isalist] Re: Outgoing VPN...
> 
>                 Hey Tom - are you sure it's PPTP and not LT2P?  What
> does the log say when you attempt the connection?
> 
>                 t
> 
> 
> 
>                 From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers
>                 Sent: Tuesday, January 22, 2008 11:55 AM
>                 To: isalist@xxxxxxxxxxxxx
>                 Subject: [isalist] Outgoing VPN...
> 
> 
> 
>                 Trying to get an outgoing VPN connection to work
> through ISA 2006 on a W2K3 SP2 server. I have the outbound access rule
> setup as...
> 
> 
> 
>                 VPN Outbound
> 
>                 Allow
> 
>                 PPTP
> 
>                 GRE (VPN) - [User-Defined, IP-Level 47 Send Recv]
> 
>                 From - Internal
> 
>                 To - External
> 
>                 All Users
> 
>                 Always
> 
>                 All Content Type.
> 
> 
> 
>                 I have disabled the Firewall Client software, removed
> the ISA settings in IE Connections, and set my PC up as a SecureNAT
> Client. It now takes alot longer to fail now, before I made the PC a
> SecureNAT client, it would fail immediately.
> 
> 
> 
>                 Currently I am getting an 800 Error.
> 
> 
> 
>                 I bypassed the ISA 2006 server and was able to make
the
> connection immediately with no issues.
> 
> 
> 
>                 Any advice would be appreciated.
> 
> 
> 
>                 TIA,
> 
> 
> 
>                 -TRogers
> 
> 
> 
> 
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 01-2008