RE: Filtering on VPN tunnels?
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 17 Apr 2003 22:10:18 -0500
Hi Tiago,
Tunnel traffic is only inspected when the ISA Server establishes a VPN
client link to a VPN server, not when the ISA Server is implemented as a
VPN gateway. The VPN connection client connection from the ISA Server is
very unusual, which I think is done for some bastardized versions of DSL
connections to local ISPs. Not sure what other reasons you would have a
VPN client connection from the ISA Server to a VPN Server for.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx]
Sent: Wednesday, April 16, 2003 3:41 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Filtering on VPN tunnels?
http://www.ISAserver.org
Guys,
I have a router-to-router VPN with my Branch Office (that which
has PPPoE DSL). Here in my HQ I have a Windows 2003 server with ISA
server, in the branch office I have Windows 2000 server.
Ever since I migrated to 2003 Server, my branch office cannot
open RDP (terminal services) connections, Open Outlook clients and map
network drives here in the HQ. as far as I know, tunnel traffic was only
inspected before SP1, right?
The workstations that won't do these tasks can be ping'ed, they
can open SMTP sessions here in the HQ, both sides of the network can see
each other, I can VNC any workstation on the branch office, but none of
these symptoms happen locally on the server. All workstations use the
RRAS server as the default gateway and everything, and I have all the
necessary static routes created.
Well, I noticed that they only do tasks for which I have IP
packet filters created for (ICMP, HTTP, and SMTP). But this shouldn't
have anything to do with it, should it?
On the Windows 2003 configuration, is there anything else that
should be configured specifically for it? I applied SP1 as it requested,
but I can't remember anything else that should be done.
Any ideas for this issue?
Tiago de Aviz
IT Consultant
MCP-CNA-AIX-CCNA-CCDA
--------------------------------
www.softsell.com.br
tiago@xxxxxxxxxxxxxxx
--------------------------------
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
