RE: Outbound PPTP

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 3 Nov 2004 09:36:41 -0600

Hi Phil,

Could be an MTU issue. Check out what your MTU is using methods
described at www.isaserver.org and other places.

HTH, 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: n1303 [mailto:n1303@xxxxxxxxxxx] 
Sent: Wednesday, November 03, 2004 9:15 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Outbound PPTP

http://www.ISAserver.org

Hi Tom,

I have DSL with an external BEWAN modem Ethernet.
When I try to etablish a VPN connection with the ISA Server as client,
it 
works fine. The inbound PPTP connection works fine.

I have done the following steps :
- Use the wizard Virtual Private Network Configuration (IP Filter UDP
1700, 
UDP 500, IP 47)
- Routing and remote access, as shown in the VPN kit
- Enable IP routing
- Enable PPTP through ISA Firewall (IP filter IP 47, one more)
- VPN client as SecureNat, disable Firewall

Tests on XP and W2000 VPN client.

Result : always error 800

What could block the VPN outbound PPTP connection ?

Thanks

Phil



At 15:55 03/11/2004, you wrote:
>http://www.ISAserver.org
>
>Hi Phil,
>
>What type of connection are you using on the external interface of the
>ISA firewall?
>
>
>Tom
>www.isaserver.org/shinder
>Tom and Deb Shinder's Configuring ISA Server 2004
>http://tinyurl.com/3xqb7
>MVP -- ISA Firewalls
>
>
>-----Original Message-----
>From: n1303 [mailto:n1303@xxxxxxxxxxx]
>Sent: Wednesday, November 03, 2004 8:01 AM
>To: [ISAserver.org Discussion List]
>Subject: [isalist] RE: Outbound PPTP
>
>http://www.ISAserver.org
>
>Hi Tom,
>
>It seems that  have done every things right, but without any result for
>outbound PPTP.
>I tried without ISA and it works fine. My problem is that I need ISA
>I have something that filter the VPN connection, but I don't find what.
>
>Phil
>
>
>
>At 14:36 03/11/2004, you wrote:
> >http://www.ISAserver.org
> >
> >No user defined filter is required.
> >
> >
> >Tom
> >www.isaserver.org/shinder
> >Tom and Deb Shinder's Configuring ISA Server 2004
> >http://tinyurl.com/3xqb7
> >MVP -- ISA Firewalls
> >
> >
> >-----Original Message-----
> >From: n1303 [mailto:n1303@xxxxxxxxxxx]
> >Sent: Wednesday, November 03, 2004 7:23 AM
> >To: [ISAserver.org Discussion List]
> >Subject: [isalist] RE: Outbound PPTP
> >
> >http://www.ISAserver.org
> >
> >Hi Tom,
> >
> >When PPTP passthrough is enable, IP 47 is automaticlaly allowed. I
have
> >nothing about 1723 in the IP filter
> >
> >
> >I try  this filter :
> >Outbound
> >Local port : Dynamic
> >Distant port : Fixed port - 1723
> >
> >I will tell you, if it works
> >
> >Thanks
> >
> >Phil
> >
> >
> >
> >
> >t 14:03 03/11/2004, you wrote:
> > >http://www.ISAserver.org
> > >
> > >Hi Phil,
> > >
> > >When you enable PPTP passthrough, outbound 1723 and IP 47 are
> > >automaticlaly allowed.
> > >
> > >HTH,
> > >
> > >
> > >Tom
> > >www.isaserver.org/shinder
> > >Tom and Deb Shinder's Configuring ISA Server 2004
> > >http://tinyurl.com/3xqb7
> > >MVP -- ISA Firewalls
> > >
> > >
> > >-----Original Message-----
> > >From: n1303 [mailto:n1303@xxxxxxxxxxx]
> > >Sent: Wednesday, November 03, 2004 6:46 AM
> > >To: [ISAserver.org Discussion List]
> > >Subject: [isalist] RE: Outbound PPTP
> > >
> > >http://www.ISAserver.org
> > >
> > >Hi Tom,
> > >
> > >In the VPN kit I can read :
> > >
> > >Configure the ISA Server firewall to perform PPTP passtrough
> > >A special combination application filter/packet filter enables
>passing
> > >GRE
> > >(IP Protocol 47) and TCP port 1723 through the ISA server firewall
to
> > >the
> > >PPTP VPN server on the Internet. IP Packet filters normally do not
> >apply
> > >to
> > >internal network clients.
> > >
> > >IP 47 is all right
> > >What can I do with TCP port 1723, if needed ?
> > >
> > >I do strictly the same thing as shown in the kit, but without
result
> >for
> > >
> > >outbound PPTP.
> > >
> > >Thanks
> > >
> > >Phil
> > >
> > >
> > >At 13:33 03/11/2004, you wrote:
> > > >http://www.ISAserver.org
> > > >
> > > >Hi Phil,
> > > >
> > > >Make sure the firewall client is disabled before establishing the
> > > >connection.
> > > >
> > > >Other than that, you've done everything right.
> > > >
> > > >Check out ISP and other non ISA firewall related issues.
> > > >
> > > >
> > > >Tom
> > > >www.isaserver.org/shinder
> > > >Tom and Deb Shinder's Configuring ISA Server 2004
> > > >http://tinyurl.com/3xqb7
> > > >MVP -- ISA Firewalls
> > > >
> > > >
> > > >-----Original Message-----
> > > >From: n1303 [mailto:n1303@xxxxxxxxxxx]
> > > >Sent: Wednesday, November 03, 2004 6:21 AM
> > > >To: [ISAserver.org Discussion List]
> > > >Subject: [isalist] RE: Outbound PPTP
> > > >
> > > >http://www.ISAserver.org
> > > >
> > > >Hi Tom,
> > > >
> > > >I try VPN client configured as a SecureNAT client as well as a
> >Firewall
> > > >client
> > > >PPTP passthrough enabled on 2000 ISA firewall - OK
> > > >IP Routing enabled - OK
> > > >
> > > >I always get error 800 (impossible to etablish VPN connexion)
> > > >
> > > >My configuration ISA 2000, SP1, integrated mode, W2k server SP2
> > > >
> > > >I have no more idea
> > > >
> > > >Thanks in advance
> > > >
> > > >Phil
> > > >
> > > >
> > > >
> > > >
> > > >At 12:35 03/11/2004, you wrote:
> > > > >http://www.ISAserver.org
> > > > >
> > > > >Hi Phil,
> > > > >
> > > > >Only requirements for outbound PPTP:
> > > > >
> > > > >1. Machine is firewall client
> > > > >2. PPTP passthrough enabled on 2000 ISA firewall
> > > > >3. IP Routing enabled
> > > > >
> > > > >That's it. The rest is layer 1/2 and layer 8.
> > > > >
> > > > >HTH,
> > > > >
> > > > >
> > > > >Tom
> > > > >www.isaserver.org/shinder
> > > > >Tom and Deb Shinder's Configuring ISA Server 2004
> > > > >http://tinyurl.com/3xqb7
> > > > >MVP -- ISA Firewalls
> > > > >
> > > > >
> > > > >-----Original Message-----
> > > > >From: n1303 [mailto:n1303@xxxxxxxxxxx]
> > > > >Sent: Wednesday, November 03, 2004 4:30 AM
> > > > >To: [ISAserver.org Discussion List]
> > > > >Subject: [isalist] Outbound PPTP
> > > > >
> > > > >http://www.ISAserver.org
> > > > >
> > > > >Hi All,
> > > > >
> > > > >My inbound PPTP to ISA works fine but outbound PPTP from
internet
> > > > >network
> > > > >does not.
> > > > >
> > > > >I read the VPN kit and I have the following :
> > > > >- VPN internal client (XP) is configured as firewall
> > > > >- IP routing is enabled
> > > > >- PPTP passthrough is enabled (the filter SecureNAT PPTP is OK)
> > > > >
> > > > >But it doesn't work !
> > > > >
> > > > >What about TCP 1723 ? Must i do something ?
> > > > >
> > > > >Any idea would be appreciate
> > > > >
> > > > >Phil
> > > > >
> > > > >
> > > > >
> > > > >------------------------------------------------------
> > > > >List Archives:
>http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > >ISA Server Newsletter:
> >http://www.isaserver.org/pages/newsletter.asp
> > > > >ISA Server FAQ:
> >http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > >------------------------------------------------------
> > > > >Other Internet Software Marketing Sites:
> > > > >World of Windows Networking: http://www.windowsnetworking.com
> > > > >Leading Network Software Directory: http://www.serverfiles.com
> > > > >No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > >Windows Security Resource Site: http://www.windowsecurity.com/
> > > > >Network Security Library: http://www.secinf.net/
> > > > >Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > >------------------------------------------------------
> > > > >You are currently subscribed to this ISAserver.org Discussion
>List
> > >as:
> > > > >tshinder@xxxxxxxxxxxxxxxxxx
> > > > >To unsubscribe visit
> > > >http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > >Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > > >
> > > > >
> > > > >------------------------------------------------------
> > > > >List Archives:
>http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > >ISA Server Newsletter:
> >http://www.isaserver.org/pages/newsletter.asp
> > > > >ISA Server FAQ:
> >http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > >------------------------------------------------------
> > > > >Other Internet Software Marketing Sites:
> > > > >World of Windows Networking: http://www.windowsnetworking.com
> > > > >Leading Network Software Directory: http://www.serverfiles.com
> > > > >No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > >Windows Security Resource Site: http://www.windowsecurity.com/
> > > > >Network Security Library: http://www.secinf.net/
> > > > >Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > >------------------------------------------------------
> > > > >You are currently subscribed to this ISAserver.org Discussion
>List
> > >as:
> > > > >n1303@xxxxxxxxxxx
> > > > >To unsubscribe visit
> > > >http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > >Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > > >------------------------------------------------------
> > > >List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > >ISA Server Newsletter:
>http://www.isaserver.org/pages/newsletter.asp
> > > >ISA Server FAQ:
>http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > >------------------------------------------------------
> > > >Other Internet Software Marketing Sites:
> > > >World of Windows Networking: http://www.windowsnetworking.com
> > > >Leading Network Software Directory: http://www.serverfiles.com
> > > >No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > >Windows Security Resource Site: http://www.windowsecurity.com/
> > > >Network Security Library: http://www.secinf.net/
> > > >Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > >------------------------------------------------------
> > > >You are currently subscribed to this ISAserver.org Discussion
List
> >as:
> > > >tshinder@xxxxxxxxxxxxxxxxxx
> > > >To unsubscribe visit
> > >http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > >Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > > >
> > > >------------------------------------------------------
> > > >List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > >ISA Server Newsletter:
>http://www.isaserver.org/pages/newsletter.asp
> > > >ISA Server FAQ:
>http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > >------------------------------------------------------
> > > >Other Internet Software Marketing Sites:
> > > >World of Windows Networking: http://www.windowsnetworking.com
> > > >Leading Network Software Directory: http://www.serverfiles.com
> > > >No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > >Windows Security Resource Site: http://www.windowsecurity.com/
> > > >Network Security Library: http://www.secinf.net/
> > > >Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > >------------------------------------------------------
> > > >You are currently subscribed to this ISAserver.org Discussion
List
> >as:
> > > >n1303@xxxxxxxxxxx
> > > >To unsubscribe visit
> > >http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > >Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> > >------------------------------------------------------
> > >List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > >ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > >ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > >------------------------------------------------------
> > >Other Internet Software Marketing Sites:
> > >World of Windows Networking: http://www.windowsnetworking.com
> > >Leading Network Software Directory: http://www.serverfiles.com
> > >No.1 Exchange Server Resource Site: http://www.msexchange.org
> > >Windows Security Resource Site: http://www.windowsecurity.com/
> > >Network Security Library: http://www.secinf.net/
> > >Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > >------------------------------------------------------
> > >You are currently subscribed to this ISAserver.org Discussion List
>as:
> > >tshinder@xxxxxxxxxxxxxxxxxx
> > >To unsubscribe visit
> >http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > >Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> > >
> > >------------------------------------------------------
> > >List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > >ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > >ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > >------------------------------------------------------
> > >Other Internet Software Marketing Sites:
> > >World of Windows Networking: http://www.windowsnetworking.com
> > >Leading Network Software Directory: http://www.serverfiles.com
> > >No.1 Exchange Server Resource Site: http://www.msexchange.org
> > >Windows Security Resource Site: http://www.windowsecurity.com/
> > >Network Security Library: http://www.secinf.net/
> > >Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > >------------------------------------------------------
> > >You are currently subscribed to this ISAserver.org Discussion List
>as:
> > >n1303@xxxxxxxxxxx
> > >To unsubscribe visit
> >http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > >Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> >------------------------------------------------------
> >List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> >ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> >------------------------------------------------------
> >Other Internet Software Marketing Sites:
> >World of Windows Networking: http://www.windowsnetworking.com
> >Leading Network Software Directory: http://www.serverfiles.com
> >No.1 Exchange Server Resource Site: http://www.msexchange.org
> >Windows Security Resource Site: http://www.windowsecurity.com/
> >Network Security Library: http://www.secinf.net/
> >Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> >------------------------------------------------------
> >You are currently subscribed to this ISAserver.org Discussion List
as:
> >tshinder@xxxxxxxxxxxxxxxxxx
> >To unsubscribe visit
>http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> >
> >------------------------------------------------------
> >List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> >ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> >------------------------------------------------------
> >Other Internet Software Marketing Sites:
> >World of Windows Networking: http://www.windowsnetworking.com
> >Leading Network Software Directory: http://www.serverfiles.com
> >No.1 Exchange Server Resource Site: http://www.msexchange.org
> >Windows Security Resource Site: http://www.windowsecurity.com/
> >Network Security Library: http://www.secinf.net/
> >Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> >------------------------------------------------------
> >You are currently subscribed to this ISAserver.org Discussion List
as:
> >n1303@xxxxxxxxxxx
> >To unsubscribe visit
>http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>------------------------------------------------------
>List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
>ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
>------------------------------------------------------
>Other Internet Software Marketing Sites:
>World of Windows Networking: http://www.windowsnetworking.com
>Leading Network Software Directory: http://www.serverfiles.com
>No.1 Exchange Server Resource Site: http://www.msexchange.org
>Windows Security Resource Site: http://www.windowsecurity.com/
>Network Security Library: http://www.secinf.net/
>Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>------------------------------------------------------
>You are currently subscribed to this ISAserver.org Discussion List as:
>tshinder@xxxxxxxxxxxxxxxxxx
>To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
>Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>------------------------------------------------------
>List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
>ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
>------------------------------------------------------
>Other Internet Software Marketing Sites:
>World of Windows Networking: http://www.windowsnetworking.com
>Leading Network Software Directory: http://www.serverfiles.com
>No.1 Exchange Server Resource Site: http://www.msexchange.org
>Windows Security Resource Site: http://www.windowsecurity.com/
>Network Security Library: http://www.secinf.net/
>Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>------------------------------------------------------
>You are currently subscribed to this ISAserver.org Discussion List as: 
>n1303@xxxxxxxxxxx
>To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
>Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » Outbound PPTP
• » Re: Outbound PPTP
• » Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE: Outbound PPTP
• » RE:Outbound PPTP
• » RE:Outbound PPTP
• » RE:Outbound PPTP
• » RE:Outbound PPTP
• » RE:Outbound PPTP
• » RE:Outbound PPTP

1. Home
2. isalist
3. Archive
4. 11-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---