http://www.ISAserver.org ------------------------------------------------------- Yep - he did say that, didn't he :-p? He should probably use server publishing for this... -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: Tuesday, October 09, 2007 7:11 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services http://www.ISAserver.org ------------------------------------------------------- Looks like an SSL VPN he's using, so it *should* only required inbound TCP port 443. Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- Microsoft Firewalls (ISA) > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: Tuesday, October 09, 2007 8:43 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services > > http://www.ISAserver.org > ------------------------------------------------------- > > Is the Sonicwall using PPTP or IPSec? > For IPSec, only IPSec NAT-T can pass through a NAT path, such > as a default ISA installation. > PPTP has no such limitation, _but_ if the Sonicwall or the > client misuse the PPTP protocol, the ISA PPTP filter will > break the connection. > > Tom; surely you're not siuggesting that he disable PMTU > discovery? That's exactly what the article instructs... > If this is a clean ISA 2006 installation, you _shouldn't_ > have to mess with that value, since ISA stopped messing with > it as of SP3 (includes ISA 20006). If you do a live search > for "isa enablepmtudiscovery", you'll find lots of blogs, > articles, etc. that discuss this one. > > Jim > ________________________________________ > From: isalist-bounce@xxxxxxxxxxxxx > [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder > [tshinder@xxxxxxxxxxx] > Sent: Tuesday, October 09, 2007 4:39 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: ISA 2004 > SSL-VPN > Terminal Services > > http://www.ISAserver.org > ------------------------------------------------------- > > Hi Joseph, > > By default, fragmented packets are allowed, however you do have the > option to block them. > > You can also enable PMTU discovery on the ISA Firewall by configuring > the Registry > > http://www.microsoft.com/technet/community/columns/cableguy/cg > 0704.mspx > > HTH, > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- Microsoft Firewalls (ISA) > > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of ISA > > Sent: Monday, October 08, 2007 2:11 PM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] ISA 2004 > SSL-VPN > Terminal Services > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > I have an ISA 2004 in front of an SSL-VPN (SonicWall) box for the > > purposes of publishing Terminal Services and File Shares. > > > > However, when I called SonicWall Tech support to report that the TS > > sessions were terminating with "Internal Protocol Error" > > messages - they > > asked me to check: 1) the MTU limits and 2) If I'm allowing > fragmented > > packets. > > > > Can someone please tell me how I can check that on the ISA server? > > > > I greatly appreciate the help. > > > > Joseph Danielsen > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx