RE: VPN and XP $5 Question - a little off topic?

  • From: "Friese, Casey" <cfriese@xxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 21 Feb 2003 08:25:07 -0500

Simply put Bryan, new mail notifications are udp packets.  Not getting the 
notification indicated udp starvation which is caused by your XP client's 
firewall.  Yes, it is true that the ISA doesn't inspect tunnel traffic but the 
reverse isn't true for the client machine.  The XP Firewall is still going to 
inspect traffic coming to it.

Make sure that your clients are including your domain name when they are 
connecting via vpn.  Properties -> Options -> 
Include Windows Logon Domain.  

Then, check your LDT to make sure that your domainname.com (or .org, .net) is 
listed in there.  

I had this same issue in house but even if the ICF was disabled on the XP 
machines.

Alternatively you could stop E2K from sending udp packets for notifications and 
switch it to use RPC but that gets messy.

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, February 20, 2003 11:19 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN and XP $5 Question - a little off topic?


http://www.ISAserver.org


Hi Bryan,

It's because the new mail notifications are unsolicited inbound requests.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 
 


-----Original Message-----
From: Bryan Andrews [mailto:bandrews@xxxxxxxxxxxxxxxxxx] 
Sent: Thursday, February 20, 2003 7:37 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN and XP $5 Question - a little off topic?



Well I need to keep a firewall in place (and this issue does go away
when disabling it).

At the end of the day here - I am just trying to figure out why I can
map a drive from my office to my home (that is connected via vpn), yet
Exchange cannot alert the same client that a new email has come in. 

Seems to me RPC is allowed since I can ping and map drives to it. 

My Config:

VPN adapter - no firewall
Network adapter - Firewall enabled.

Thanks All!

 -----Original Message-----
From:   Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent:   Wednesday, February 19, 2003 8:09 PM
To:     [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN and XP $5 Question - a little off topic?


Hi Bryan,

Disable ICF and see if that helps.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp 


-----Original Message-----
From: Bryan Andrews [mailto:bandrews@xxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, February 19, 2003 7:40 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN and XP $5 Question - a little off topic?



Sorry to drag this on... what about the XP firewall... shouldn't the
tunnel bypass that as well?

Again I can map a drive to my home pc (from work) when the vpn is still
in place (I leave my vpn on pretty much all the time - even when I leave
and go to work).

This would indicate to me that exchange should be able to get to it...
unless it's a matter of exchange not knowing where it is. Do VPN clients
register dynamically in the dns? Does this perhaps have something to do
with this?


 -----Original Message-----
From:   Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent:   Tuesday, February 18, 2003 9:46 PM
To:     [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN and XP $5 Question - a little off topic?


Hi Bryan,

That is correct. Anything going through the tunnel is not inspected by
ISA Server.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp 


-----Original Message-----
From: Bryan Andrews [mailto:bandrews@xxxxxxxxxxxxxxxxxx] 
Sent: Tuesday, February 18, 2003 7:08 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN and XP $5 Question - a little off topic?



Alas outlook 2002 is imo a pig that takes twice as long to communicate
with E2K giving those horrible messages about delays, etc.

So, maybe this is a stupid question, but is my firewall blocking any
traffic between my client and ISA? I was under the impression that a
tunnel precluded any firewall rules...

Thanks for the response!


 -----Original Message-----
From:   Tom Mendelboim [mailto:tomerm1@xxxxxxx] 
Sent:   Tuesday, February 18, 2003 1:49 AM
To:     [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN and XP $5 Question - a little off topic?


It's not your ISA VPN connection. Outlook 2K requires a few ports to be
open. You will need to research which port controls the mail
notification. You can run a sniffer to see which ports Exchange is
trying to communicate with at the client interface. This problem was
resolved with Outlook 2002.

Tom

-----Original Message-----
From: Bryan Andrews [mailto:bandrews@xxxxxxxxxxxxxxxxxx] 
Sent: Monday, February 17, 2003 8:25 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] VPN and XP $5 Question - a little off topic?


We have users that connect via XP Pro at their home with the built in
firewall running. They use their Outlook 2000 client to connect to
exchange over vpn. Their outlook will not see a new message unless they
click around... If we turn off the xp firewall, they see messages
immediately as they come in as Exchange and mapi normally do.

Is there something we can do here? It's not that big of a deal but still
a nuisance...

I know that this may not be directly related - but I thought perhaps
someone has run into this with their ISA VPN trials of life...

Thanks for any thoughts!





------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
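
Added example, not part of the original thread and not written by any of its participants: a simplified Python model of a stateful client firewall, showing why replies on the client-initiated Outlook session pass while the server-initiated UDP new mail notification described in the thread is dropped. The `ClientFirewall` class, the addresses and the port numbers are constructed for illustration and do not reproduce ICF's actual rule engine.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: tuple   # (ip, port)
    dst: tuple   # (ip, port)

class ClientFirewall:
    """Simplified stateful filter: outbound always passes and is tracked;
    inbound passes only as the reverse of a tracked outbound flow."""

    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        self.flows.add((pkt.proto, pkt.src, pkt.dst))
        return True

    def inbound(self, pkt):
        return (pkt.proto, pkt.dst, pkt.src) in self.flows

# Constructed addresses and ports, for illustration only.
CLIENT, EXCHANGE = "192.168.10.50", "192.168.10.10"

def simulate():
    fw = ClientFirewall()
    verdicts = {}

    # Outlook opens its session to Exchange (client-initiated TCP;
    # port 135 stands in for the whole RPC conversation).
    session = Packet("tcp", (CLIENT, 1044), (EXCHANGE, 135))
    fw.outbound(session)
    verdicts["rpc_reply"] = fw.inbound(Packet("tcp", session.dst, session.src))

    # New mail arrives: Exchange sends a UDP datagram to the client.
    # The client never sent UDP to the server, so no matching state exists.
    notify = Packet("udp", (EXCHANGE, 3456), (CLIENT, 1056))
    verdicts["new_mail_notify"] = fw.inbound(notify)

    # The user "clicks around": Outlook asks over its own session,
    # so the answer is a reply to a tracked flow.
    fw.outbound(session)
    verdicts["poll_reply"] = fw.inbound(Packet("tcp", session.dst, session.src))
    return verdicts

if __name__ == "__main__":
    for name, allowed in simulate().items():
        print(f"{name:16} {'allowed' if allowed else 'dropped'}")
```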
