[isalist] Re: VPN Client Connection Problem

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 15 Jan 2008 09:33:15 -0600

http://www.ISAserver.org
-------------------------------------------------------

L2TP/IPsec with EAP user authentication (smart card, etc) is the current
state of the art.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)

 

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore
> Sent: Tuesday, January 15, 2008 9:19 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: VPN Client Connection Problem
> 
>   
> Speaking of PPTP, we've been using it for years--sometime before I came
> along. We've just kept it going by default. I assume some other protocol
> would be safer and more secure. What would you (the list, not
> necessarily just Jim Harrison) recommend as an upgraded protocol?
> 
> Thanks,
> Rob
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jim Harrison
> Sent: Tuesday, January 15, 2008 9:20 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: VPN Client Connection Problem
> 
>   
> Yano - you did.
> I guess I'm just getting to the point where I overlook "PPTP"
> 
> Still; a look at the relevant log entries (start from "initiate") would
> help a lot.
> Even better would be network captures from both sides of ISA (NetMon 3
> can do this).
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Rob Moore
> Sent: Tuesday, January 15, 2008 6:02 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: VPN Client Connection Problem
> 
> 
> I did mention in my original post that it was PPTP.
> 
> Rob
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: Monday, January 14, 2008 10:39 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: VPN Client Connection Problem
> 
> 
> I'll bet a dollar it's a PPTP VPN :)
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jim Harrison
> Sent: Monday, January 14, 2008 8:07 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: VPN Client Connection Problem
> 
> 
> Can you include a couple of the log entries that indicate this traffic?
> "VPN" is too vague; is this IPSec, PPTP, SSL-VPN..?
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Rob Moore
> Sent: Monday, January 14, 2008 1:33 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] VPN Client Connection Problem
> 
> Hello all-
> 
> ISA 2006 Standard
> 
> Windows Server 2003
> 
> I've got an odd problem. I have a guy using a Mac trying to connect to
> my VPN server. (The VPN server is a Windows server running behind the
> ISA server. It's a PPTP VPN.) When he tries to connect, he gets this
> error message: "The connection was terminated by the communication
> device. Please verify your settings and try again". We've tried
> recreating his VPN connector. We've tried connecting wired and wireless
> and from several different locations. I've also successfully connected
> to the VPN server using his account but from different computers, both
> Mac and PC.
> 
> When I monitor my own successful connection attempt on the firewall, I
> get a single message that says the connection was initiated. When I
> monitor his unsuccessful connection attempt, I get three entries. First
> it says the connection was initiated. Then it says the connection was
> closed. Then I get a "Denied" entry in which it appears the ISA server
> is trying to send the request to the public IP address of the VPN
> server. The error is "0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED."
> 
> I've tried Googling it and gotten a lot of stuff, some of it ISA
> related, some of it not. I also looked some in the archives of this
> list.
> 
> Can anyone point me in the right direction?
> 
> Thanks,
> 
> Rob
> 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> 
> Rob Moore
> 
> Network Manager
> 
> 215-241-7870
> 
> Help Desk: 800-500-AFSC
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
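The three-entry pattern described in the original post (connection initiated, connection closed, then a denied entry with 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED) can be picked out of exported firewall logs mechanically. The following is an added example, not part of the thread; the CSV layout, the addresses and the function name are constructed for illustration and are not ISA Server's own log format.

```python
import csv
import io

# Constructed sample in a simplified CSV layout (an assumption, not ISA
# Server's real log format); addresses are documentation ranges.
SAMPLE_LOG = """\
time,client_ip,dest_ip,dest_port,action,result
13:30:01,198.51.100.20,203.0.113.10,1723,Initiated Connection,0x0
13:31:10,198.51.100.77,203.0.113.10,1723,Initiated Connection,0x0
13:31:12,198.51.100.77,203.0.113.10,1723,Closed Connection,0x0
13:31:12,198.51.100.77,203.0.113.10,1723,Denied Connection,0xc0040017
"""

PPTP_CONTROL_PORT = 1723          # PPTP control channel (TCP)
NOT_SYN_DROPPED = 0xC0040017      # FWX_E_TCP_NOT_SYN_PACKET_DROPPED, from the post


def classify_sessions(log_text):
    """Return {client_ip: verdict} for PPTP control-channel log entries."""
    state = {}    # (client, dest) -> "open" or "closed"
    verdict = {}  # client -> latest verdict
    for row in csv.DictReader(io.StringIO(log_text)):
        if int(row["dest_port"]) != PPTP_CONTROL_PORT:
            continue
        client = row["client_ip"]
        key = (client, row["dest_ip"])
        action = row["action"].split()[0].lower()
        code = int(row["result"], 16)
        if action == "initiated":
            state[key] = "open"
            verdict[client] = "open"
        elif action == "closed" and state.get(key) == "open":
            state[key] = "closed"
            verdict[client] = "closed"
        elif action == "denied" and code == NOT_SYN_DROPPED:
            # The firewall saw a TCP segment without SYN that matched no
            # tracked connection. Right after a close, that means the peer
            # kept sending on a session the firewall had already torn down.
            if state.get(key) == "closed":
                verdict[client] = "non-syn-after-close"
            else:
                verdict[client] = "non-syn-no-session"
    return verdict


if __name__ == "__main__":
    for client, result in classify_sessions(SAMPLE_LOG).items():
        print(client, result)
```

A client whose verdict stays at "open" matches the single "initiated" entry seen for the working connection; "non-syn-after-close" matches the failing one and points at the capture Jim asks for on both sides of the firewall.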