RE: VPN Clients - No PPTP traffic
- From: "Joseph Danielsen" <JDanielsen@xxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 27 Oct 2005 16:51:48 -0400
Tom: for every time you help - a beer is owed. Please pick them up soon, my
truck is getting pretty heavy.
1) Thank you.
2) Same clients (as it seems).
3) The ISA has a Netopia DSL modem/router. NAT function has been turned off. It
should be passing through all traffic without translation or inspection.
4) The IP addresses: 198.133.170.1, 167.206.5.250, 129.250.163.36,
147.208.132.198, 64.233.179.104 and more.
*** Interesting find, if I execute a continuous ping from the client to the
home server - the connection continues to work fine... so far ***
I found a few articles - but the closet say to contact MS for a fix.
Joseph Danielsen: MCSA-Messaging, MCP
Network Blade Inc.
49 Marcy Street
Somerset, NJ 08873
Phone: 732-259-0201
www.networkblade.com
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thu 10/27/2005 4:31 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN Clients - No PPTP traffic
http://www.ISAserver.org
Hi Joseph,
IIRC - If I recall correctly
Are they always the same clients who drop off, or does it vary?
Also, are there any devices, routers or NAT devices in front of the ISA
firewalls?
What address is generating the all port scan attack? I usually ignore those
warnings, but since something is happening here, it worth checking it out.
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**
________________________________
From: Joseph Danielsen [mailto:JDanielsen@xxxxxxxxxxxxxxxx]
Sent: Thursday, October 27, 2005 2:55 PM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: VPN Clients - No PPTP traffic
Thanks Tom!
I will continue to look for a KB that will help. (what does IIRC mean?)
Clients are all XP pro and one 2k Pro using Outlook 2002 (updated and
patched).
Neither ISA shows anything in the System / Application event logs
...... except for a crap load of :15105 notices
"ISA Server detected an all port scan attack from Internet Protocol
(IP) address x.x.x.x"
Should I be doing something with these source IP addresses?
Joseph Danielsen: MCSA-Messaging, MCP
Network Blade Inc.
49 Marcy Street
Somerset, NJ 08873
Phone: 732-259-0201
www.networkblade.com
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thu 10/27/2005 3:40 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN Clients - No PPTP traffic
http://www.ISAserver.org
Hi Joseph,
It could be the client operating systems. I recall a KB article that
mentioned a fix for PPTP connections that dropped early -- but IIRC, the drops
took place after a minute or two.
What client OS's are they using?
The Event Viewer on the VPN server usually says why the connection was
dropped, if the VPN server was aware of the droppage.
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**
________________________________
From: Joseph Danielsen [mailto:JDanielsen@xxxxxxxxxxxxxxxx]
Sent: Thursday, October 27, 2005 2:31 PM
To: [ISAserver.org Discussion List]
Subject: VPN Clients - No PPTP traffic
I am at a remote site - inwhich which all users connect to the
main office via individual VPN clients (temp situation for next 2 months).
After approx 20 minutes, no traffic seems to go through the PPTP tunnel.
If I disconnect, then re-connect all works well. I don't know
if one of the ISA boxes are to blame.
My laptop is also connected to the main office, with the same
applications opened and I have no problems.
Main Office Firewall: Windows 2003, ISA 2004.
Remote Office Firewall: Windows 2003, ISA 2000.
Help! Please Help!
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jdanielsen@xxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jdanielsen@xxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
