[isalist] Re: ISA 2004 > SSL-VPN > Terminal Services
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Tue, 9 Oct 2007 09:11:21 -0500
http://www.ISAserver.org
-------------------------------------------------------
Looks like an SSL VPN he's using, so it *should* only required inbound
TCP port 443.
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Tuesday, October 09, 2007 8:43 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Is the Sonicwall using PPTP or IPSec?
> For IPSec, only IPSec NAT-T can pass through a NAT path, such
> as a default ISA installation.
> PPTP has no such limitation, _but_ if the Sonicwall or the
> client misuse the PPTP protocol, the ISA PPTP filter will
> break the connection.
>
> Tom; surely you're not siuggesting that he disable PMTU
> discovery? That's exactly what the article instructs...
> If this is a clean ISA 2006 installation, you _shouldn't_
> have to mess with that value, since ISA stopped messing with
> it as of SP3 (includes ISA 20006). If you do a live search
> for "isa enablepmtudiscovery", you'll find lots of blogs,
> articles, etc. that discuss this one.
>
> Jim
> ________________________________________
> From: isalist-bounce@xxxxxxxxxxxxx
> [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> [tshinder@xxxxxxxxxxx]
> Sent: Tuesday, October 09, 2007 4:39 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Hi Joseph,
>
> By default, fragmented packets are allowed, however you do have the
> option to block them.
>
> You can also enable PMTU discovery on the ISA Firewall by configuring
> the Registry
>
> http://www.microsoft.com/technet/community/columns/cableguy/cg
> 0704.mspx
>
> HTH,
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- Microsoft Firewalls (ISA)
>
>
>
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of ISA
> > Sent: Monday, October 08, 2007 2:11 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] ISA 2004 > SSL-VPN > Terminal Services
> >
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >
> > I have an ISA 2004 in front of an SSL-VPN (SonicWall) box for the
> > purposes of publishing Terminal Services and File Shares.
> >
> > However, when I called SonicWall Tech support to report that the TS
> > sessions were terminating with "Internal Protocol Error"
> > messages - they
> > asked me to check: 1) the MTU limits and 2) If I'm allowing
> fragmented
> > packets.
> >
> > Can someone please tell me how I can check that on the ISA server?
> >
> > I greatly appreciate the help.
> >
> > Joseph Danielsen
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> >
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
