Hi Guinn, What happens when you do a tracert from the client to the VPN servers address when its not working? The fact that it works sometimes, but not other times, indicates that its not an ISA firewall issue, but something to do with the underlying network infrastructure. It could be something as simple as the VPN server admin not supplying enough addresses or ports for all the VPN clients they want to support. HTH, Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Guinn Unger [mailto:mlists@xxxxxxxxxxxxx] Sent: Tuesday, December 07, 2004 1:23 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: HELP-Intermittent Outbound VPN Problems http://www.ISAserver.org Tom, It is configured for PPTP. It works some of the time, just not consistently. And it works on some machines more consistently than others! I looked up the definitions, and we are definitely using SecureNAT. Guinn -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Tuesday, December 07, 2004 12:58 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: HELP-Intermittent Outbound VPN Problems http://www.ISAserver.org Hi Guinn, Sounds like you're using PPTP then. Have you configure the ISA firewall to support PPTP passthrough? IIRC (and its been a while since I've configured an ISA Server 2000 firewall), you right click on the packet filters node and click the last tab in the Properties dialog box. Also, make sure you're configured as a SecureNAT client, and you should be good to go. HTH, Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Guinn Unger [mailto:mlists@xxxxxxxxxxxxx] Sent: Tuesday, December 07, 2004 12:16 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: HELP-Intermittent Outbound VPN Problems http://www.ISAserver.org Tom, 1. The VPN protocol is set to automatic. I just created the connection using the XP wizard. 2. The server I am calling is a Windows 2000 Advanced server. 3. There's no firewall client installed. And I'm pretty sure we're not using a Web Proxy. (This was set up by someone else for me, so please excuse my ignorance.) Actually, I don't get disconnected; I never get connected. (Except when it works!!) I don't think their connection is flaky. It is being used by a number of people, and I'm the only one having problems. (And I'm only having problems from my office.) I have been working this morning with the client's network person. He did some things to get the security levels as low as possible, but still no connection from the machine I need. (Which was able to connect yesterday.) What else can I tell you? I really appreciate your help. Guinn -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Tuesday, December 07, 2004 11:46 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: HELP-Intermittent Outbound VPN Problems http://www.ISAserver.org HI Guinn, OK, we're getting closer! So, you're calling a third party VPN server from a VPN client behind an ISA Server 2000 firewall. So, we need definitive answers to the following: 1. What VPN protocol are you using? 2. What VPN server are you calling? Do they fully support the VPN protocol you're using? 3. You need to be sure re: the ISA client type. SecureNAT, Firewall client and/or Web Proxy (actually, we only really need to know about Firewall client) When you get disconnected, what to the tracerts look like to the destination network? Could be that they're using a flakey connection and that's dropping the VPN link. I've never had connectivity problems with my VPN clients from behind ISA firewall unless their was some network problem, so I don't think it's the ISA firewall, but details will help. HTH, Tom www.isaserver.org/shinder <http://www.isaserver.org/shinder> Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Guinn Unger [mailto:mlists@xxxxxxxxxxxxx] Sent: Tuesday, December 07, 2004 10:19 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: HELP-Intermittent Outbound VPN Problems http://www.ISAserver.org Tom, Dedicated T1. SecureNAT (I think) TCP/IP Third party VPN server. Guinn ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Tuesday, December 07, 2004 10:08 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: HELP-Intermittent Outbound VPN Problems http://www.ISAserver.org Hi Guinn, What type of connection do you have to the Internet? What client type is the VPN client machine? (SecureNAT, Web Proxy and/or Firewall client) What VPN protocol are you using? Is this a problem connecting to a third party VPN server, or a problem connecting to your ISA firewall's VPN server from a remote location? Thanks! Tom www.isaserver.org/shinder <http://www.isaserver.org/shinder> Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Guinn Unger [mailto:mlists@xxxxxxxxxxxxx] Sent: Tuesday, December 07, 2004 9:49 AM To: [ISAserver.org Discussion List] Subject: [isalist] HELP-Intermittent Outbound VPN Problems http://www.ISAserver.org I am pulling my hair out (and I don't have that much left). I am doing some web development work for a client. I need to VPN into their network in order to connect to their database and SourceSafe repository. The VPN connectivity is incredibly intermittent! I am running ISA 2000 on Windows 2000 on my network at work. Things I know: Other people from outside our company use the VPN and are not having any problems. (It seems to me that this probably rules out problems on the client's end.) From home, via cable modem, I can connect just fine from two machines. (Portable running Windows XP Pro with SP1 and failed SP2, and Windows 2000) (It seems to me this further rules out problems on the client's end.) The connections are very fast. From work, I am sometimes able to connect to the VPN from the same portable mentioned above and sometimes not. (The error is the standard 800 error.) However, even when it works it sometimes takes a couple of minutes to time out and then works on the second try (but not always). From work, another machine running Windows XP SP2 was able to connect yesterday until I rebooted it, then nothing. I still can't connect today. (800 error). From work, a server running Windows 2003 was unable to connect yesterday (error 800) but seems to be able to connect right now. (I'm not optimistic about tomorrow though.) Questions: Is this likely to be an ISA problem? If so, is there some methodical way I can troubleshoot what is going on? If not, any other ideas? BTW, I am a developer, not much of a network person, so detailed help or directions to other resources would be appreciated. Thanks. Guinn Unger Unger Technologies, Inc. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mlists@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mlists@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx