http://www.ISAserver.org
-------------------------------------------------------

No truer words.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Thursday, March 23, 2006 12:06 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: VPN over the net
>
> No argument there, but the cause is as important as the effect...
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> Sent: Wednesday, March 22, 2006 6:31 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: VPN over the net
>
> OK, that's true.
>
> I can't say for sure without the actual capture, but if you combine the
> following:
>
> 1. Clueless admin
> 2. Pattern seen in the capture
> 3. Reported error
>
> I have a guess that fits within a 95% confidence interval.
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > Sent: Wednesday, March 22, 2006 8:28 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: VPN over the net
> >
> > Could be - we need to see what's inside the packets; not just a text summary.
> >
> > -------------------------------------------------------
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/Jim_Harrison/
> > http://isatools.org
> > Read the help / books / articles!
> > -------------------------------------------------------
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> > Sent: Wednesday, March 22, 2006 18:22
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: VPN over the net
> >
> > Bingo:
> > "98", "22.160985", "206.248.138.108", "67.69.15.20", "TCP", "60637 > pptp [RST, ACK] Seq=373 Ack=213 Win=0 Len=0"
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >
> > ________________________________
> >
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
> > Sent: Wednesday, March 22, 2006 8:14 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: RE: [isalist] Re: VPN over the net
> >
> > Here is a dump off the ISA server just taken now using Ethereal. This
> > time I just used the access rule I created for PPTP and L2TP which gave
> > me the 619 error machine. I looked it up and several sites say that you
> > need to have port 1723 option and protocol #47 GRE as well. I don't see
> > any GRE in ISA's protocol list so I am not sure if it's open by default
> > or not.
> >
> > "77", "20.354517", "206.248.138.108", "67.69.15.20", "TCP", "60637 > pptp [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1412"
> > "78", "20.356294", "67.69.15.20", "206.248.138.108", "TCP", "pptp > 60637 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460"
> > "79", "20.708283", "206.248.138.108", "67.69.15.20", "TCP", "60637 > pptp [ACK] Seq=1 Ack=1 Win=65535 Len=0"
> > "80", "20.711863", "206.248.138.108", "67.69.15.20", "PPTP", "Start-Control-Connection-Request"
> > "81", "20.719783", "67.69.15.20", "206.248.138.108", "PPTP", "Start-Control-Connection-Reply"
> > "82", "21.109566", "206.248.138.108", "67.69.15.20", "PPTP", "Outgoing-Call-Request"
> > "83", "21.133715", "67.69.15.20", "206.248.138.108", "PPTP", "Outgoing-Call-Reply"
> > "84", "21.489766", "206.248.138.108", "67.69.15.20", "PPTP", "Set-Link-Info"
> > "85", "21.492862", "206.248.138.108", "67.69.15.20", "PPP LCP", "Configuration Request"
> > "86", "21.514942", "67.69.15.20", "206.248.138.108", "PPP LCP", "Configuration Request"
> > "87", "21.515068", "67.69.15.20", "206.248.138.108", "PPP LCP", "Configuration Ack"
> > "88", "21.687898", "67.69.15.20", "206.248.138.108", "TCP", "pptp > 60637 [ACK] Seq=189 Ack=349 Win=65187 Len=0"
> > "89", "21.881650", "206.248.138.108", "67.69.15.20", "PPP LCP", "Configuration Reject"
> > "90", "21.881897", "67.69.15.20", "206.248.138.108", "PPP LCP", "Configuration Request"
> > "91", "21.982027", "206.248.138.108", "67.69.15.20", "GRE", "Encapsulated PPP"
> > "92", "22.088583", "206.248.138.108", "67.69.15.20", "PPP LCP", "Configuration Ack"
> > "93", "22.089048", "67.69.15.20", "206.248.138.108", "PPTP", "Set-Link-Info"
> > "94", "22.090538", "206.248.138.108", "67.69.15.20", "PPP LCP", "Identification"
> > "95", "22.090965", "206.248.138.108", "67.69.15.20", "PPP LCP", "Identification"
> > "96", "22.092652", "206.248.138.108", "67.69.15.20", "PPTP", "Set-Link-Info"
> > "97", "22.102192", "67.69.15.20", "206.248.138.108", "PPP CHAP", "Challenge"
> > "98", "22.160985", "206.248.138.108", "67.69.15.20", "TCP", "60637 > pptp [RST, ACK] Seq=373 Ack=213 Win=0 Len=0"
> >
> > Regards,
> > Andrew
> >
> > All mail to and from this domain is GFI-scanned.
> >
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
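An added example, not part of any message in this thread: a Python sketch that reads the Ethereal summary rows posted above and reports how far the PPTP session got before the TCP reset. The function names are hypothetical, only a subset of the posted rows is embedded, and it assumes (per PPTP) that PPP frames are carried inside GRE; it reports what the summary shows, not the cause.

```python
import csv
import io

# Subset of the Ethereal summary rows posted in the thread (packets 77-98).
CAPTURE = '''\
"77", "20.354517", "206.248.138.108", "67.69.15.20", "TCP", "60637 > pptp [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1412"
"80", "20.711863", "206.248.138.108", "67.69.15.20", "PPTP", "Start-Control-Connection-Request"
"81", "20.719783", "67.69.15.20", "206.248.138.108", "PPTP", "Start-Control-Connection-Reply"
"82", "21.109566", "206.248.138.108", "67.69.15.20", "PPTP", "Outgoing-Call-Request"
"83", "21.133715", "67.69.15.20", "206.248.138.108", "PPTP", "Outgoing-Call-Reply"
"85", "21.492862", "206.248.138.108", "67.69.15.20", "PPP LCP", "Configuration Request"
"86", "21.514942", "67.69.15.20", "206.248.138.108", "PPP LCP", "Configuration Request"
"91", "21.982027", "206.248.138.108", "67.69.15.20", "GRE", "Encapsulated PPP"
"97", "22.102192", "67.69.15.20", "206.248.138.108", "PPP CHAP", "Challenge"
"98", "22.160985", "206.248.138.108", "67.69.15.20", "TCP", "60637 > pptp [RST, ACK] Seq=373 Ack=213 Win=0 Len=0"
'''

FIELDS = ("no", "time", "src", "dst", "proto", "info")


def parse_summary(text):
    """Parse Ethereal's quoted, comma-separated summary export into dicts."""
    reader = csv.reader(io.StringIO(text), skipinitialspace=True)
    return [dict(zip(FIELDS, row)) for row in reader if len(row) == len(FIELDS)]


def session_progress(rows):
    """Report the stages reached and the frame that preceded the TCP reset."""
    stages = []
    for r in rows:
        if r["proto"] not in stages:
            stages.append(r["proto"])
    # In PPTP, PPP frames travel inside GRE (IP protocol 47), so PPP rows count too.
    tunnel = [r for r in rows if r["proto"] == "GRE" or r["proto"].startswith("PPP ")]
    reset = next((r for r in rows if r["proto"] == "TCP" and "[RST" in r["info"]), None)
    before = rows[rows.index(reset) - 1] if reset and rows.index(reset) > 0 else None
    return {
        "stages": stages,
        "gre_senders": sorted({r["src"] for r in tunnel}),
        "reset_packet": reset["no"] if reset else None,
        "reset_sender": reset["src"] if reset else None,
        "last_before_reset": (before["proto"], before["info"]) if before else None,
    }


if __name__ == "__main__":
    for key, value in session_progress(parse_summary(CAPTURE)).items():
        print(f"{key}: {value}")
```

On the posted rows, the reset comes from 206.248.138.108, the host that opened the connection, immediately after the PPP CHAP Challenge from 67.69.15.20, and tunnel frames appear from both addresses.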