[isalist] Re: ISA 2004 > SSL-VPN > Terminal Services

• From: Jim Harrison <Jim@xxxxxxxxxxxx>
• To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 9 Oct 2007 08:28:39 -0700

http://www.ISAserver.org
-------------------------------------------------------

Yep - he did say that, didn't he :-p?
He should probably use server publishing for this...

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thomas W Shinder
Sent: Tuesday, October 09, 2007 7:11 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services

http://www.ISAserver.org
-------------------------------------------------------

Looks like an SSL VPN he's using, so it *should* only required inbound
TCP port 443.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)



> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Tuesday, October 09, 2007 8:43 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Is the Sonicwall using PPTP or IPSec?
> For IPSec, only IPSec NAT-T can pass through a NAT path, such
> as a default ISA installation.
> PPTP has no such limitation, _but_ if the Sonicwall or the
> client misuse the PPTP protocol, the ISA PPTP filter will
> break the connection.
>
> Tom; surely you're not siuggesting that he disable PMTU
> discovery?  That's exactly what the article instructs...
> If this is a clean ISA 2006 installation, you _shouldn't_
> have to mess with that value, since ISA stopped messing with
> it as of SP3 (includes ISA 20006).  If you do a live search
> for "isa enablepmtudiscovery", you'll find lots of blogs,
> articles, etc. that discuss this one.
>
> Jim
> ________________________________________
> From: isalist-bounce@xxxxxxxxxxxxx
> [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> [tshinder@xxxxxxxxxxx]
> Sent: Tuesday, October 09, 2007 4:39 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Hi Joseph,
>
> By default, fragmented packets are allowed, however you do have the
> option to block them.
>
> You can also enable PMTU discovery on the ISA Firewall by configuring
> the Registry
>
> http://www.microsoft.com/technet/community/columns/cableguy/cg
> 0704.mspx
>
> HTH,
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- Microsoft Firewalls (ISA)
>
>
>
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of ISA
> > Sent: Monday, October 08, 2007 2:11 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] ISA 2004 > SSL-VPN > Terminal Services
> >
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >
> > I have an ISA 2004 in front of an SSL-VPN (SonicWall) box for the
> > purposes of publishing Terminal Services and File Shares.
> >
> > However, when I called SonicWall Tech support to report that the TS
> > sessions were terminating with "Internal Protocol Error"
> > messages - they
> > asked me to check: 1) the MTU limits and 2) If I'm allowing
> fragmented
> > packets.
> >
> > Can someone please tell me how I can check that on the ISA server?
> >
> > I greatly appreciate the help.
> >
> > Joseph Danielsen
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> >
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

• References:
  • [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services
    • From: Thomas W Shinder

Other related posts:

• » [isalist] ISA 2004 > SSL-VPN > Terminal Services
• » [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services
• » [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services
• » [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services
• » [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services
• » [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services
• » [isalist] ISA 2004 > SSL-VPN > Terminal Services

1. Home
2. isalist
3. Archive
4. 10-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---