Re: ISA VPN problem
- From: "Joe Pochedley" <JoePochedley@xxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 23 Apr 2003 15:37:19 -0400
George,
How did you enable VPN through ISA? If you just ran the wizard to
"Enable VPN through ISA" then you enabled incoming VPN through the ISA
server and it sounds like you want outbound VPN through ISA to another
network, correct?
You need to find out what ports the VPN client needs open to access the
external VPN, then you need to open them for outbound access on your ISA
server... Your internal clients will probably also need to run as SNAT
clients as I doubt the FW Client will work with an outbound VPN
connection. Then you can set up IE on those clients as a Proxy Client
and still control their web surfing if you need to (lock down IE to keep
them from changing the Proxy settings if you must).
HTH
JoeP
_____
From: Hawk N [mailto:hawkeeman@xxxxxxxxxxx]
Sent: Wednesday, April 23, 2003 7:55 AM
To: [ISAserver.org Discussion List]
http://www.ISAserver.org
First, thanks for your reply,
I did try yesterday to just to use natting but it didn't work, today I
tried something, Stopped the firewall client on the client work station,
and opened the VPN connection using the ISA as gateway, It worked!!!
But this way I lost control in the users and to what they acces on the
internet?
I read the article posted in the isa.org about forcing VPN connection to
pass thru the proxy firewall but it didn't work... I coulsn't open the
http site after establishing the connection.
One more problem I worked around it, when I enabled the VPN thru ISA,
which automatically turn on Routing and Remote Access service on the
server; if I restart the server, the ISA firewall service will stop and
not start? I checked the errors in the Event Viewer, the only thing I
could get from the knowledge base is that it is about certificates,
while I am not using certificates at all when using VPN or any other
connection.
What I did is? i stoped the Routing and Remote Access Service, start
firewall service, then start the routing and remote access again.
is there a better way to fix this problem also?
Thanks
George
>From: "PETER PAPE"
>Reply-To: "[ISAserver.org Discussion List]"
>To: "[ISAserver.org Discussion List]"
>Subject: [isalist] Re: ISA VPN problem
>Date: Tue, 22 Apr 2003 17:44:31 +0000
>
>http://www.ISAserver.org
>
>
>Is your browswer acting as a Web Proxy Client? Either explicitly or
>via the http re-director. If that is the case, the ISA server would
>need to establish the VPN connection and access the page. Or if
>policy permits, turn off Web Proxy Client in the browser and make
>sure http requests are sent directly to server, not the Web Proxy
>Service.
>
>
>
>
>
>
>>From: "George"
>>Reply-To: "[ISAserver.org Discussion List]"
>>To: "[ISAserver.org Discussion List]"
>>Subject: [isalist] ISA VPN problem
>>Date: Tue, 22 Apr 2003 09:23:47 -0600
>>
>>http://www.ISAserver.org
>>
>>
>>I have a problem with the VPN Connection over ISA server.
>>Here is the setting:
>>My clients is on same lan of the isa server internal interface, I
>>want to
>>make them open a VPN connection to VPN server outside my network
>>using the
>>internet.
>>I configured the ISA server to allow VPN connections and It is
>>succussfuly
>>done, the problem is that the website I am trying to connect to
>>provided
>>by the VPN company my client is connected; is not opening, I am
>>getting
>>the message code 10060, which is a time out message from the ISA
>>server.
>>I tried many things, changing router metric gateways, firewall
>>client or
>>secureNat clients, nothing, still getting the timeout message.
>>i Don't care about internet browsing, I just want to open this
>>website
>>over the VPN connection passing thry my ISA server.
>>any suggestions?????
>>
>>------------------------------------------------------
>>List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
>>ISA Server Newsletter:
>>http://www.isaserver.org/pages/newsletter.asp
>>ISA Server FAQ:
>>http://www.isaserver.org/pages/larticle.asp?type=FAQ
>>------------------------------------------------------
>>Exchange Server Resource Site: http://www.msexchange.org/
>>Windows Security Resource Site: http://www.windowsecurity.com/
>>Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>>------------------------------------------------------
>>You are currently subscribed to this ISAserver.org Discussion List
>>as: papexpjboi@xxxxxxx
>>To unsubscribe send a blank email to
>>$subst('Email.Unsub')
>
>
>_________________________________________________________________
>STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
>http://join.msn.com/?page=features/junkmail
>
>
>------------------------------------------------------
>List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
>ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
>------------------------------------------------------
>Exchange Server Resource Site: http://www.msexchange.org/
>Windows Security Resource Site: http://www.windowsecurity.com/
>Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>------------------------------------------------------
>You are currently subscribed to this ISAserver.org Discussion List
>as: hawkeeman@xxxxxxxxxxx
>To unsubscribe send a blank email to
>$subst('Email.Unsub')
_____
The new MSN 8: <http://g.msn.com/8HMKEN/2737> smart spam protection and
2 months FREE* ------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
JoePochedley@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
