Thanks a lot Tom. I will take another look at the items you suggested. Thanks again! -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Tuesday, December 09, 2003 6:38 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: PPTP Question http://www.ISAserver.org Hi Sam, OK, first, we don't say "open a port" here because it gives me PSTD related to tech support guys who suggest that I "open a port" -- check out www.tacteam.net/openport.htm I assume you have using a NAT-T compliant client? If do, it is encapsulating the proprietary IPSec implementation in a UDP or TCP packet (ISA doesn't seem to work with cisco's proprietary TCP encapsulation method, though). So, one way to test this out is to create an "all open" Protocol Rule that allows all IP traffic outbound. Make sure your client is configured as a SecureNAT client, since I don't know where in the stack the VPN client piece is working for your implementation. For example, the Microsoft NAT-T client won't work with the Firewall client enabled. Check out Stefaan Pouseele's article on this subject at the Web site. HTH, Tom -----Original Message----- From: Sam Chapman [mailto:adminone@xxxxxxxxxxx] Sent: Tuesday, December 09, 2003 8:12 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: PPTP Question http://www.ISAserver.org Hi Tom, I am sorry to single you out for my question but I am getting pretty desperate. I am trying to use VPN-1 secureClient behind ISA to access the office from my home. I have opened pretty much every port I can think of. I just can't get the packet to pass thru ISA. I keep getting the error "communication failed" When I try to create a site in the Secure Remote site. Ports opened: UDP 500, 4500, 259, 2746, 50, 51, 18231, and a bunch of TCP ports as well 1823, 19233, 500, 1703, 264, 1701, and much more. Sometimes I wonder if I just opened every port possible. I used both packet filters and Protocol rules. Any suggestions are appreciated! Thanks! Sam -----Original Message----- From: William Holmes [mailto:wtholmes@xxxxxxxxxxxxxx] Sent: Tuesday, December 09, 2003 4:02 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: PPTP Question http://www.ISAserver.org Hi Tom, Do you have a prefered NAT device ? As I have said until recently I have had good luck with the LINKSYS box. Perhaps thare is somthing wrong with mine. Bill -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Tuesday, December 09, 2003 6:49 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: PPTP Question http://www.ISAserver.org Hi Bill, I unfortunately have to agree with this. For any environment requiring publishing, I always use a NAT device in front of it. HTH, Tom -----Original Message----- From: William Holmes [mailto:wtholmes@xxxxxxxxxxxxxx] Sent: Tuesday, December 09, 2003 2:18 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: PPTP Question http://www.ISAserver.org The DDNS client doesn't really matter. That's not the issue. What is the issue is the fact the publish rules can not handle the external IP of the ISA server changing. At least its not obvious they can. Reconfiguring the ISA whenever there is a dns change is a pain. It would certainly be nice to be able to define the external interface in a publishing rule without regard to its IP address. I would certainly prefer to have the ISA server directly connected. It has never had a problem. Is this a all possible ? There are also issues with configuring the external interface with DHCP. It does not reliably receive a lease. Perhaps I have just not configured something correctly. Bill -----Original Message----- From: Ray Dzek [mailto:rdzek@xxxxxxxxxxxxxxx] Sent: Tuesday, December 09, 2003 1:56 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: PPTP Question http://www.ISAserver.org I used to swear by Linksys, and now would not touch them. I ran my own bank of tests with Linksys, D-Link, Netgear, and SMC. I bought one of each of the wireless 802.11b from a local CompUSA and configured and ran them for 2 days. Each and everyone of these products pretty much sucks. They lock up, stop passing traffic on various ports, refuse to accept wireless connections, etc. I did not find a single one that operated flawlessly. The lastest versions (V4) from Linksys were especially bad. I am currently only using D-Link for home office installs. They seemed to be the least "sucky" of the batch. D-link's tech support, however, appears to be not much more than a bunch of 16-20 year olds that just happen to do tech support between LAN Parties based on their level of knowledge and professionalism on the phone. It was like trying to have a technical conversation with Spicoli from Fast Times at Ridgemont High, dude. Just curious, but is there an issue with running a DDNS client on the ISA box itself and skipping the router? Is there a way to do some kind of VBS with ISA to update the NAT tables in ISA from a DDNS client? ----- Original Message ----- From: "DJG" <intellihome@xxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, December 09, 2003 9:00 AM Subject: [isalist] Re: PPTP Question http://www.ISAserver.org I had more luck sifting through their (Linksys) website than talking to their support. Cisco has farmed Linksys support out of the country, at least when I last talked to them. Dan -----Original Message----- From: William Holmes [mailto:wtholmes@xxxxxxxxxxxxxx] Sent: Tuesday, December 09, 2003 8:25 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: PPTP Question http://www.ISAserver.org Hello, Yes I have, but I have not been able to get through to a high level tech as of yet. I thought if someone else had solved this I could avoid the game of 1000 questions the first of which is are you using a PC or a MAC? Thanks Bill -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Tuesday, December 09, 2003 9:36 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: PPTP Question http://www.ISAserver.org Have you spoken to the Linksys support folks? It sounds like you've narrowed it down pretty well. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "William Holmes" <wtholmes@xxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, December 09, 2003 06:21 Subject: [isalist] PPTP Question http://www.ISAserver.org Hello, In order to use publishing it is necessary for the external IP address of the ISA server to stay at a fixed IP. Unfortunately I have a DHCP assigned address on my Cable Modem. My solution has been to install a Linksys BEFSX41 router. This router has a DMZ port. I have my ISA server configured as the DMZ host. In this way the ISA server always sees a fixed IP address despite what the external address is. In addition this router supports dynamic DNS updates so whenever the router's IP address changes it updates my Dynamic DNS service. All of my published services work find except PPTP. And this has only stopped working since updating to the latest Firmware v1.45.3. Outbound PPTP works fine but inbound PPTP to the ISA server does not. Does anyone have any experience with this or suggestions about how allow inbound PPTP to work. It was working fine in the v1.43.3 firmware but that firmware has issues with working with DDNS. Thanks Bill ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: wtholmes@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: intellihome@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rdzek@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: wtholmes@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: wtholmes@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: adminone@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: adminone@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')