http://www.ISAserver.org ------------------------------------------------------- Well, you can authenticate if you have separate rules to carve out GRE, right? t > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: Tuesday, January 22, 2008 6:13 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Outgoing VPN... > > http://www.ISAserver.org > ------------------------------------------------------- > > You can't authenticate outbound VPN because: > 1. VPN traffic is not handled by the web proxy > 2. the ISA FWC is required to authenticate non-web proxy traffic > 3. the ISA FWC only handles TCP and UDP and that only for traffic > processed by Winsock > 4. PPTP includes IP-47 (GRE), which is neither TCP nor UDP > > Thus, you can't authenticate PPTP traffic. > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers > Sent: Tuesday, January 22, 2008 1:12 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Outgoing VPN... > > But why can you NOT specify a subset of users? > > > ________________________________ > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) > Sent: Tuesday, January 22, 2008 3:57 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Outgoing VPN... > > > > Tada :) > > > > t > > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers > Sent: Tuesday, January 22, 2008 12:50 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Outgoing VPN... > > > > I double checked the user list and I had a subset of users > allowed for this rule (not All Users) - when I changed to ALL USERS, I > am now connected to the remote VPN ! > > > > ________________________________ > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) > Sent: Tuesday, January 22, 2008 3:06 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Outgoing VPN... > > Hey Tom - are you sure it's PPTP and not LT2P? What > does the log say when you attempt the connection? > > t > > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers > Sent: Tuesday, January 22, 2008 11:55 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Outgoing VPN... > > > > Trying to get an outgoing VPN connection to work > through ISA 2006 on a W2K3 SP2 server. I have the outbound access rule > setup as... > > > > VPN Outbound > > Allow > > PPTP > > GRE (VPN) - [User-Defined, IP-Level 47 Send Recv] > > From - Internal > > To - External > > All Users > > Always > > All Content Type. > > > > I have disabled the Firewall Client software, removed > the ISA settings in IE Connections, and set my PC up as a SecureNAT > Client. It now takes alot longer to fail now, before I made the PC a > SecureNAT client, it would fail immediately. > > > > Currently I am getting an 800 Error. > > > > I bypassed the ISA 2006 server and was able to make the > connection immediately with no issues. > > > > Any advice would be appreciated. > > > > TIA, > > > > -TRogers > > > > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx