[isalist] Re: Point to Point VPN ISA 2006

• From: William Holmes <wtholmes@xxxxxxxxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Mon, 22 Oct 2007 11:36:02 -0400

http://www.ISAserver.org
-------------------------------------------------------

Hello,

Thank for this explanation.  After 19 replies from members of this list we
finally get to the real issue:  

ISA drops PPTP connections when it sees a change in the PeerID, while Windows
XP does not.  Some broadband routers (including the Linksys BEFSX41) mangle
the peer ID and therefore will prevent an ISA2006 server from establishing a
point to point PPTP connection. 

The Linksys RV042 evidently does not mangle the PeerID as it has worked
flawlessly for three years. I have a replacement on order.  While I
appreciate that everyone has opinions on the best and worst hardware that one
can utilize, I appreciate even more the explanation of the underlying problem
which Jim has described. 

It would have been nice to have gotten to that 17 replies ago. Perhaps
Linksys routers suck perhaps they don't, but I have never had a problem with
the RV042 until is literally smoked.

Bill

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Monday, October 22, 2007 11:00 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Point to Point VPN ISA 2006

http://www.ISAserver.org
-------------------------------------------------------
  
Yes, it is and this is why I mention  it specifically.
Your determinations, while seemingly logical, ignores the point I'm trying to
make; e.g., that ISA will drop the PPTP connection when it sees a change in
the PeerID.  XP for some silly reason, will not.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of William Holmes
Sent: Monday, October 22, 2007 7:41 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Point to Point VPN ISA 2006

http://www.ISAserver.org
-------------------------------------------------------

Hello,

Hello,

I haven't had a chance to do the network captures yes, however is the PeerID
something that my Local ISA 2006 server would be looking for. The reason I as
is that my XP laptop can establish a PPTP connection through the router
without any difficulties. This seems to indicate that the problem is not
between the router and the remote ISA Server but rather between my Local ISA
server and the Router, or more appropriately from my local ISA Server through
the router.

Bill

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Sunday, October 21, 2007 9:53 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Point to Point VPN ISA 2006

http://www.ISAserver.org
-------------------------------------------------------

Get simultaneous network craptures at both sides of the Stinkzits.
I'll bet it's trashing the PeerID.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of William Holmes
Sent: Sunday, October 21, 2007 6:09 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Point to Point VPN ISA 2006

http://www.ISAserver.org
-------------------------------------------------------

Hello,

Yes the Linksys is performing NAT. A client connected directly to the Linksys
can connect via PPTP. My ISA server connected to the same Linksys cannot
establish a PPTP connection.

Bill

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Sunday, October 21, 2007 10:49 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Point to Point VPN ISA 2006

http://www.ISAserver.org
-------------------------------------------------------

Actually, it's TCP:1723 and IP:47.
Is the Linksys performing NAT?

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of William Holmes
Sent: Saturday, October 20, 2007 3:36 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Point to Point VPN ISA 2006

Hello,



I am using a PPTP VPN. Port 500 is ISAKMP which shouldn't be necessary for
PPTP correct? Should be Protocol 47 and Port 1725. Protocol 47 is enabled by
the PPTP passthrough setting and port 1725 should only be required outbound
through the linksys. At least that's what I think is required.



Bill



________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Moffat
Sent: Saturday, October 20, 2007 5:49 PM
To: ISA Mailing List
Subject: [isalist] Re: Point to Point VPN ISA 2006



Have you forwarded udp 500 through the Linksys??



S



From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of William Holmes
Sent: Saturday, October 20, 2007 6:31 PM
To: ISA Mailing List
Subject: [isalist] Point to Point VPN ISA 2006



Hello,



I have a point to point VPN setup with ISA2006. This has been working just
fine until my Internet Router Died. I have a new router on order but I have a
question.



I put a new router (one I had around) in place of my dead router. On this
router (Linksys befsx41)  I enabled VPN pass through. If I plug a laptop into
the BEFSX41 directly I can start a PPTP connection and connect to the remote
ISA2006 server.



However if I try to start the point to point PPTP connection between the
Local ISA2006 server and the Remote ISA 2006 server I get the following error
message from the routing and remote access service:



An error occurred during connection of the interface. The connection was
terminated by the remote computer before it could be completed. For further
assistance click More Info or search Help and Support Center for this error
number.



However there is no error number.



If I connect my ISA server directly to my broadband connection then the
Tunnel works fine (that is ISA to ISA without the intervening router).  Now
before someone jumps to conclusions about why I have the router, I am on a
dynamic IP address at home where I am connecting from and I want ISA to
always have a fixed address. In addition I have two Internet connections one
Cable and one DSL and the Router (Linksys RV042) handles connection to both
and provides failover and bandwidth aggregation. It also provides some simple
packet filtering that cuts down on a lot of the BS that in on the broadbands.



The VPN works fine with the RV042 but not with the older BEFSX41 and I would
like to understand why, especially since a VPN connection to the same remote
ISA server works fine when connecting from a laptop that is connected to same
Router.



Thanks



Bill

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

• Follow-Ups:
  • [isalist] Re: Point to Point VPN ISA 2006
    • From: Jim Harrison

• References:
  • [isalist] Point to Point VPN ISA 2006
    • From: William Holmes
  • [isalist] Re: Point to Point VPN ISA 2006
    • From: Steve Moffat
  • [isalist] Re: Point to Point VPN ISA 2006
    • From: William Holmes
  • [isalist] Re: Point to Point VPN ISA 2006
    • From: Jim Harrison
  • [isalist] Re: Point to Point VPN ISA 2006
    • From: William Holmes
  • [isalist] Re: Point to Point VPN ISA 2006
    • From: Jim Harrison
  • [isalist] Re: Point to Point VPN ISA 2006
    • From: William Holmes
  • [isalist] Re: Point to Point VPN ISA 2006
    • From: Jim Harrison

Other related posts:

• » [isalist] Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006
• » [isalist] Re: Point to Point VPN ISA 2006

1. Home
2. isalist
3. Archive
4. 10-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---