RE: Filtering on VPN tunnels?

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 19 Apr 2003 12:04:22 -0500

Hi Tiago,
 
Just for fun, check out the RRAS packet filters. I'll be doing some
heavy duty research into these scenarios beginning next week, with
mixing and matching Win2003 and Win2k VPN servers and gateways. I'm sure
I'll be able to get the to bottom of the problem. Once I do, I'll share
it with everyone on the list.
 
Thanks!
Tom
Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 
        -----Original Message-----
        From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] 
        Sent: Wednesday, April 16, 2003 3:41 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] Filtering on VPN tunnels?
        
        
        http://www.ISAserver.org
        
        
        Guys,
         
        I have a router-to-router VPN with my Branch Office (that which
has PPPoE DSL). Here in my HQ I have a Windows 2003 server with ISA
server, in the branch office I have Windows 2000 server.
         
        Ever since I migrated to 2003 Server, my branch office cannot
open RDP (terminal services) connections, Open Outlook clients and map
network drives here in the HQ. as far as I know, tunnel traffic was only
inspected before SP1, right?
         
        The workstations that won't do these tasks can be ping'ed, they
can open SMTP sessions here in the HQ, both sides of the network can see
each other, I can VNC any workstation on the branch office, but none of
these symptoms happen locally on the server. All workstations use the
RRAS server as the default gateway and everything, and I have all the
necessary static routes created.
         
        Well, I noticed that they only do tasks for which I have IP
packet filters created for (ICMP, HTTP, and SMTP). But this shouldn't
have anything to do with it, should it?
         
        On the Windows 2003 configuration, is there anything else that
should be configured specifically for it? I applied SP1 as it requested,
but I can't remember anything else that should be done.
         
        Any ideas for this issue?
         
        Tiago de Aviz
        IT Consultant
        MCP-CNA-AIX-CCNA-CCDA
        --------------------------------
        www.softsell.com.br
        tiago@xxxxxxxxxxxxxxx
        --------------------------------

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 04-2003