RE: VPN Clients - No PPTP traffic
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 27 Oct 2005 16:07:29 -0500
Hi Joseph,
If there is a VPN fix, then go for it. There are a number of things that
you bang your head up against from today until doomsday, but if there is
something that indicates a hotfix will work, you might want to take
advantage of it.
I seem to recall, in the distant recesses of my aged memory, that there
was a problem like this with PPTP, but was fixed when using L2TP/IPSec.
This was ISA 2000. It might have been fixed in ISA2k SP2.
When you say the NAT function on the router is turned off, are you
saying that its just acting are a regular router, without traffic
filtering at all?
Also could be an MTU issue, but that *should* be affecting everyone.
What I'm trying to get at is there is a big playing field of possible
problems and fixes. Would be worth the PSS call -- and I hate to give in
like that, VPN connectivity issues are worth the call if you're not
really jiggy with NetMon or Ethereal and interpreting the traces.
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**
________________________________
From: Joseph Danielsen [mailto:JDanielsen@xxxxxxxxxxxxxxxx]
Sent: Thursday, October 27, 2005 3:52 PM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: VPN Clients - No PPTP traffic
Tom: for every time you help - a beer is owed. Please pick them
up soon, my truck is getting pretty heavy.
1) Thank you.
2) Same clients (as it seems).
3) The ISA has a Netopia DSL modem/router. NAT function has been
turned off. It should be passing through all traffic without translation
or inspection.
4) The IP addresses: 198.133.170.1, 167.206.5.250,
129.250.163.36, 147.208.132.198, 64.233.179.104 and more.
*** Interesting find, if I execute a continuous ping from the
client to the home server - the connection continues to work fine... so
far ***
I found a few articles - but the closet say to contact MS for a
fix.
Joseph Danielsen: MCSA-Messaging, MCP
Network Blade Inc.
49 Marcy Street
Somerset, NJ 08873
Phone: 732-259-0201
www.networkblade.com
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thu 10/27/2005 4:31 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN Clients - No PPTP traffic
http://www.ISAserver.org
Hi Joseph,
IIRC - If I recall correctly
Are they always the same clients who drop off, or does it vary?
Also, are there any devices, routers or NAT devices in front of
the ISA firewalls?
What address is generating the all port scan attack? I usually
ignore those warnings, but since something is happening here, it worth
checking it out.
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**
________________________________
From: Joseph Danielsen
[mailto:JDanielsen@xxxxxxxxxxxxxxxx]
Sent: Thursday, October 27, 2005 2:55 PM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: VPN Clients - No PPTP traffic
Thanks Tom!
I will continue to look for a KB that will help. (what
does IIRC mean?)
Clients are all XP pro and one 2k Pro using Outlook 2002
(updated and patched).
Neither ISA shows anything in the System / Application
event logs ...... except for a crap load of :15105 notices
"ISA Server detected an all port scan attack from
Internet Protocol (IP) address x.x.x.x"
Should I be doing something with these source IP
addresses?
Joseph Danielsen: MCSA-Messaging, MCP
Network Blade Inc.
49 Marcy Street
Somerset, NJ 08873
Phone: 732-259-0201
www.networkblade.com
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thu 10/27/2005 3:40 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN Clients - No PPTP traffic
http://www.ISAserver.org
Hi Joseph,
It could be the client operating systems. I recall a KB
article that mentioned a fix for PPTP connections that dropped early --
but IIRC, the drops took place after a minute or two.
What client OS's are they using?
The Event Viewer on the VPN server usually says why the
connection was dropped, if the VPN server was aware of the droppage.
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**
________________________________
From: Joseph Danielsen
[mailto:JDanielsen@xxxxxxxxxxxxxxxx]
Sent: Thursday, October 27, 2005 2:31 PM
To: [ISAserver.org Discussion List]
Subject: VPN Clients - No PPTP traffic
I am at a remote site - inwhich which all users
connect to the main office via individual VPN clients (temp situation
for next 2 months). After approx 20 minutes, no traffic seems to go
through the PPTP tunnel.
If I disconnect, then re-connect all works well.
I don't know if one of the ISA boxes are to blame.
My laptop is also connected to the main office,
with the same applications opened and I have no problems.
Main Office Firewall: Windows 2003, ISA 2004.
Remote Office Firewall: Windows 2003, ISA 2000.
Help! Please Help!
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other
sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: jdanielsen@xxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: jdanielsen@xxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts: