RE: Sanity Check

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 18 Sep 2003 12:43:00 -0500

Hi Tim,

You're not nuts. I've heard this one before. But being even more aged as
you, I can't recall if there was a fix, or what the issue was. PMTU
might be an issued, but I'm not sure.

Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 



-----Original Message-----
From: Deus, Attonbitus [mailto:Thor@xxxxxxxxxxxxxxx] 
Sent: Thursday, September 18, 2003 12:38 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Sanity Check


http://www.ISAserver.org



Greetings all.  Let me start by saying "Arrg."

I would like to submit an issue I am having to the group for a sanity 
check.  I've done about a million point-to-point VPN setups with ISA on 
Wink2 without issues.  However, in a new 2003 Server (with all SP's for
the 
OS and ISA) install, setting up point-to-point (remote/local) ISA VPN 
servers has been an issue.

Basically, the VPN's connect just fine; clients on both sides can ping, 
telnet to any given port, etc, but they can't authenticate to resources
on 
either side.  What is interesting is that the ISA/VPN boxes themselves 
can.  It's your basic, flat setup:

Network A -> ISA-A ---  Internet --- ISA-B -> Network B

 From ISA-A, I can immediately pull up resources on ISA-B, and any 
resources on Network B.
 From ISA-B, I can immediately pull up resources on ISA-A, and any 
resources on Network A.
Clients on Network A can ping, and as I said, telnet to open ports on 
resources on Network B- same from clients on Network B.

But, if from Network A, you try to pull up something that requires 
authentication (like a share) on Network B, it fails with a "semaphore 
timed out" error after a few minutes.  Same from Network B.

In my ISA logs on both ISA-A and ISA-B, I show all kinds of requests
from 
Network B to Network A and Network A to Network B being filtered out as 
"malformed."  Technet searches did not turn up anything.  WTF?  Have I
gone 
mad?  What am I forgetting?  I have looked and there is no checkbox for 
"randomly malform packets and prevent authentication."

Can anyone help this aged computer dude?

t








------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Sanity Check
• » RE: Sanity Check
• » RE: Sanity Check
• » Sanity Check
• » RE: Sanity Check
• » RE: Sanity Check
• » RE: Sanity Check
• » RE: Sanity Check
• » RE: Sanity Check

1. Home
2. isalist
3. Archive
4. 09-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---