Sanity Check
- From: "Deus, Attonbitus" <Thor@xxxxxxxxxxxxxxx>
- To: isalist@xxxxxxxxxxxxx
- Date: Thu, 18 Sep 2003 10:37:37 -0700
Greetings all. Let me start by saying "Arrg."
I would like to submit an issue I am having to the group for a sanity
check. I've done about a million point-to-point VPN setups with ISA on
Wink2 without issues. However, in a new 2003 Server (with all SP's for the
OS and ISA) install, setting up point-to-point (remote/local) ISA VPN
servers has been an issue.
Basically, the VPN's connect just fine; clients on both sides can ping,
telnet to any given port, etc, but they can't authenticate to resources on
either side. What is interesting is that the ISA/VPN boxes themselves
can. It's your basic, flat setup:
Network A -> ISA-A --- Internet --- ISA-B -> Network B
From ISA-A, I can immediately pull up resources on ISA-B, and any
resources on Network B.
From ISA-B, I can immediately pull up resources on ISA-A, and any
resources on Network A.
Clients on Network A can ping, and as I said, telnet to open ports on
resources on Network B- same from clients on Network B.
But, if from Network A, you try to pull up something that requires
authentication (like a share) on Network B, it fails with a "semaphore
timed out" error after a few minutes. Same from Network B.
In my ISA logs on both ISA-A and ISA-B, I show all kinds of requests from
Network B to Network A and Network A to Network B being filtered out as
"malformed." Technet searches did not turn up anything. WTF? Have I gone
mad? What am I forgetting? I have looked and there is no checkbox for
"randomly malform packets and prevent authentication."
Can anyone help this aged computer dude?
t
Other related posts: