RE: VPN Clients - No PPTP traffic

Hi Joseph,
 
If there is a VPN fix, then go for it. There are a number of things that
you bang your head up against from today until doomsday, but if there is
something that indicates a hotfix will work, you might want to take
advantage of it.
 
I seem to recall, in the distant recesses of my aged memory, that there
was a problem like this with PPTP, but was fixed when using L2TP/IPSec.
This was ISA 2000. It might have been fixed in ISA2k SP2.
 
When you say the NAT function on the router is turned off, are you
saying that its just acting are a regular router, without traffic
filtering at all? 
 
Also could be an MTU issue, but that *should* be affecting everyone. 
 
What I'm trying to get at is there is a big playing field of possible
problems and fixes. Would be worth the PSS call -- and I hate to give in
like that, VPN connectivity issues are worth the call if you're not
really jiggy with NetMon or Ethereal and interpreting the traces.
 
HTH,
Tom
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls
**Who is John Galt?**

 


________________________________

        From: Joseph Danielsen [mailto:JDanielsen@xxxxxxxxxxxxxxxx] 
        Sent: Thursday, October 27, 2005 3:52 PM
        To: [ISAserver.org Discussion List]
        Subject: RE: [isalist] RE: VPN Clients - No PPTP traffic
        
        
        Tom: for every time you help - a beer is owed. Please pick them
up soon, my truck is getting pretty heavy.
         
        1) Thank you.
        2) Same clients (as it seems).
        3) The ISA has a Netopia DSL modem/router. NAT function has been
turned off. It should be passing through all traffic without translation
or inspection.
        4) The IP addresses: 198.133.170.1, 167.206.5.250,
129.250.163.36, 147.208.132.198, 64.233.179.104 and more.
         
        *** Interesting find, if I execute a continuous ping from the
client to the home server - the connection continues to work fine... so
far ***
         
        I found a few articles - but the closet say to contact MS for a
fix.
         
        Joseph Danielsen: MCSA-Messaging, MCP
        Network Blade Inc.
        49 Marcy Street
        Somerset, NJ 08873
        Phone: 732-259-0201
         
        www.networkblade.com
         

________________________________

        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
        Sent: Thu 10/27/2005 4:31 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: VPN Clients - No PPTP traffic
        
        
        http://www.ISAserver.org
        
        Hi Joseph,
         
        IIRC - If I recall correctly
         
        Are they always the same clients who drop off, or does it vary?
         
        Also, are there any devices, routers or NAT devices in front of
the ISA firewalls?
         
        What address is generating the all port scan attack? I usually
ignore those warnings, but since something is happening here, it worth
checking it out.
         
        Tom
         
        Thomas W Shinder, M.D.
        Site: www.isaserver.org <http://www.isaserver.org/> 
        Blog: http://spaces.msn.com/members/drisa/
        Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
        MVP -- ISA Firewalls
        **Who is John Galt?**

         


________________________________

                From: Joseph Danielsen
[mailto:JDanielsen@xxxxxxxxxxxxxxxx] 
                Sent: Thursday, October 27, 2005 2:55 PM
                To: [ISAserver.org Discussion List]
                Subject: RE: [isalist] RE: VPN Clients - No PPTP traffic
                
                
                Thanks Tom!
                I will continue to look for a KB that will help. (what
does IIRC mean?)
                 
                Clients are all XP pro and one 2k Pro using Outlook 2002
(updated and patched).
                 
                Neither ISA shows anything in the System / Application
event logs ...... except for a crap load of :15105 notices
                 "ISA Server detected an all port scan attack from
Internet Protocol (IP) address x.x.x.x"
                 
                Should I be doing something with these source IP
addresses?
                 
                 
                Joseph Danielsen: MCSA-Messaging, MCP
                Network Blade Inc.
                49 Marcy Street
                Somerset, NJ 08873
                Phone: 732-259-0201
                 
                www.networkblade.com
                 

________________________________

                From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
                Sent: Thu 10/27/2005 3:40 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: VPN Clients - No PPTP traffic
                
                
                http://www.ISAserver.org
                
                Hi Joseph,
                 
                It could be the client operating systems. I recall a KB
article that mentioned a fix for PPTP connections that dropped early --
but IIRC, the drops took place after a minute or two.
                 
                What client OS's are they using?
                 
                The Event Viewer on the VPN server usually says why the
connection was dropped, if the VPN server was aware of the droppage.
                 
                Tom
                 
                Thomas W Shinder, M.D.
                Site: www.isaserver.org <http://www.isaserver.org/> 
                Blog: http://spaces.msn.com/members/drisa/
                Book: http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7> 
                MVP -- ISA Firewalls
                **Who is John Galt?**

                 


________________________________

                        From: Joseph Danielsen
[mailto:JDanielsen@xxxxxxxxxxxxxxxx] 
                        Sent: Thursday, October 27, 2005 2:31 PM
                        To: [ISAserver.org Discussion List]
                        Subject: VPN Clients - No PPTP traffic
                        
                        
                         
                        
                        I am at a remote site - inwhich which all users
connect to the main office via individual VPN clients (temp situation
for next 2 months). After approx 20 minutes, no traffic seems to go
through the PPTP tunnel.
                         
                        If I disconnect, then re-connect all works well.
I don't know if one of the ISA boxes are to blame.
                         
                        My laptop is also connected to the main office,
with the same applications opened and I have no problems.
                         
                        Main Office Firewall: Windows 2003, ISA 2004.
                        Remote Office Firewall: Windows 2003, ISA 2000.
                         
                        Help! Please Help!

                ------------------------------------------------------
                List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
                ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
                ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
                ------------------------------------------------------
                Visit TechGenix.com for more information about our other
sites:
                http://www.techgenix.com
                ------------------------------------------------------
                You are currently subscribed to this ISAserver.org
Discussion List as: jdanielsen@xxxxxxxxxxxxxxxx
                To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
                Report abuse to listadmin@xxxxxxxxxxxxx 

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Visit TechGenix.com for more information about our other sites:
        http://www.techgenix.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: jdanielsen@xxxxxxxxxxxxxxxx
        To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        Report abuse to listadmin@xxxxxxxxxxxxx 

Other related posts: