[isalist] Re: VPN over the net
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Thu, 23 Mar 2006 07:35:55 -0600
http://www.ISAserver.org
-------------------------------------------------------
No truer words.
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Thursday, March 23, 2006 12:06 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: VPN over the net
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> No argument there, but the cause is as important as the effect...
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: Wednesday, March 22, 2006 6:31 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: VPN over the net
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> OK, that's true.
>
> I can't say for sure without the actual capture, but if you
> combine the
> following:
>
> 1. Clueless admin
> 2. Pattern seen in the capture
> 3. Reported error
>
> I have a guess that fits within a 95% confidence interval.
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>
>
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > Sent: Wednesday, March 22, 2006 8:28 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: VPN over the net
> >
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >
> > Could be - we need to see what's inside the packets; not just
> > a text summary.
> >
> >
> > -------------------------------------------------------
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/Jim_Harrison/
> > http://isatools.org
> > Read the help / books / articles!
> > -------------------------------------------------------
> >
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> > Sent: Wednesday, March 22, 2006 18:22
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: VPN over the net
> >
> > Bingo:
> > "98", "22.160985", "206.248.138.108", "67.69.15.20", "TCP",
> > "60637 > pptp [RST, ACK] Seq=373 Ack=213 Win=0 Len=0"
> >
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org <http://www.isaserver.org/>
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP
> > -- ISA Firewalls
> >
> >
> >
> >
> > ________________________________
> >
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
> > Sent: Wednesday, March 22, 2006 8:14 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: RE: [isalist] Re: VPN over the net
> >
> >
> > Here is a dump off the ISA server just taken now using
> > Ethereal. This time I just used the access rule I created for
> > PPTP and L2PT which gave me the 619 error machine. I looked
> > it up and several sites say that you need to have port 1723
> > option and protocol #47 GRE as well. I don't see any GRE in
> > ISA's protocol list so I am not sure if it's open by
> default or not.
> >
> > "77", "20.354517", "206.248.138.108", "67.69.15.20",
> > "TCP", "60637 > pptp [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1412"
> > "78", "20.356294", "67.69.15.20", "206.248.138.108",
> > "TCP", "pptp > 60637 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0
> MSS=1460"
> > "79", "20.708283", "206.248.138.108", "67.69.15.20",
> > "TCP", "60637 > pptp [ACK] Seq=1 Ack=1 Win=65535 Len=0"
> > "80", "20.711863", "206.248.138.108", "67.69.15.20",
> > "PPTP", "Start-Control-Connection-Request"
> > "81", "20.719783", "67.69.15.20", "206.248.138.108",
> > "PPTP", "Start-Control-Connection-Reply"
> > "82", "21.109566", "206.248.138.108", "67.69.15.20",
> > "PPTP", "Outgoing-Call-Request"
> > "83", "21.133715", "67.69.15.20", "206.248.138.108",
> > "PPTP", "Outgoing-Call-Reply"
> > "84", "21.489766", "206.248.138.108", "67.69.15.20",
> > "PPTP", "Set-Link-Info"
> > "85", "21.492862", "206.248.138.108", "67.69.15.20",
> > "PPP LCP", "Configuration Request"
> > "86", "21.514942", "67.69.15.20", "206.248.138.108",
> > "PPP LCP", "Configuration Request"
> > "87", "21.515068", "67.69.15.20", "206.248.138.108",
> > "PPP LCP", "Configuration Ack"
> > "88", "21.687898", "67.69.15.20", "206.248.138.108",
> > "TCP", "pptp > 60637 [ACK] Seq=189 Ack=349 Win=65187 Len=0"
> > "89", "21.881650", "206.248.138.108", "67.69.15.20",
> > "PPP LCP", "Configuration Reject"
> > "90", "21.881897", "67.69.15.20", "206.248.138.108",
> > "PPP LCP", "Configuration Request"
> > "91", "21.982027", "206.248.138.108", "67.69.15.20",
> > "GRE", "Encapsulated PPP"
> > "92", "22.088583", "206.248.138.108", "67.69.15.20",
> > "PPP LCP", "Configuration Ack"
> > "93", "22.089048", "67.69.15.20", "206.248.138.108",
> > "PPTP", "Set-Link-Info"
> > "94", "22.090538", "206.248.138.108", "67.69.15.20",
> > "PPP LCP", "Identification"
> > "95", "22.090965", "206.248.138.108", "67.69.15.20",
> > "PPP LCP", "Identification"
> > "96", "22.092652", "206.248.138.108", "67.69.15.20",
> > "PPTP", "Set-Link-Info"
> > "97", "22.102192", "67.69.15.20", "206.248.138.108",
> > "PPP CHAP", "Challenge"
> > "98", "22.160985", "206.248.138.108", "67.69.15.20",
> > "TCP", "60637 > pptp [RST, ACK] Seq=373 Ack=213 Win=0 Len=0"
> >
> > Regards,
> > Andrew
> >
> >
> > All mail to and from this domain is GFI-scanned.
> >
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> >
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> All mail to and from this domain is GFI-scanned.
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
