[isalist] Re: Outgoing VPN...

  • From: Jim Harrison <Jim@xxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 22 Jan 2008 18:12:48 -0800


You can't authenticate outbound VPN because:
1. VPN traffic is not handled by the web proxy
2. the ISA FWC is required to authenticate non-web proxy traffic
3. the ISA FWC only handles TCP and UDP, and that only for traffic processed by Winsock
4. PPTP includes IP-47 (GRE), which is neither TCP nor UDP

Thus, you can't authenticate PPTP traffic.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Tom Rogers
Sent: Tuesday, January 22, 2008 1:12 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Outgoing VPN...

But why can you NOT specify a subset of users?


________________________________

        From: isalist-bounce@xxxxxxxxxxxxx 
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
        Sent: Tuesday, January 22, 2008 3:57 PM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: Outgoing VPN...



        Tada :)



        t



        From: isalist-bounce@xxxxxxxxxxxxx 
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers
        Sent: Tuesday, January 22, 2008 12:50 PM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: Outgoing VPN...



        I double-checked the user list and I had a subset of users allowed for this rule (not All Users) - when I changed to ALL USERS, I am now connected to the remote VPN!



________________________________

                From: isalist-bounce@xxxxxxxxxxxxx 
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
                Sent: Tuesday, January 22, 2008 3:06 PM
                To: isalist@xxxxxxxxxxxxx
                Subject: [isalist] Re: Outgoing VPN...

                Hey Tom - are you sure it's PPTP and not L2TP?  What does the log say when you attempt the connection?

                t



                From: isalist-bounce@xxxxxxxxxxxxx 
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers
                Sent: Tuesday, January 22, 2008 11:55 AM
                To: isalist@xxxxxxxxxxxxx
                Subject: [isalist] Outgoing VPN...



                Trying to get an outgoing VPN connection to work through ISA 2006 on a W2K3 SP2 server. I have the outbound access rule set up as...



                VPN Outbound

                Allow

                PPTP

                GRE (VPN) - [User-Defined, IP-Level 47 Send Recv]

                From - Internal

                To - External

                All Users

                Always

                All Content Type.



                I have disabled the Firewall Client software, removed the ISA settings in IE Connections, and set my PC up as a SecureNAT Client. It now takes a lot longer to fail; before I made the PC a SecureNAT client, it would fail immediately.



                Currently I am getting an 800 Error.



                I bypassed the ISA 2006 server and was able to make the 
connection immediately with no issues.



                Any advice would be appreciated.



                TIA,



                -TRogers
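
The four points in Jim Harrison's reply at the top of this thread can be written as a check over access rules. This is an added example, not part of the original thread and not ISA Server's own rule format or API: the Proto and Rule classes, the audit function, and the user-set name "VPN Users" are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

TCP, UDP, GRE = 6, 17, 47        # IANA IP protocol numbers
ALL_USERS = "All Users"

@dataclass(frozen=True)
class Proto:                      # hypothetical model of a protocol definition
    name: str
    ip_proto: int                 # value of the IP header's protocol field
    port: Optional[int] = None    # only meaningful for TCP and UDP

@dataclass(frozen=True)
class Rule:                       # hypothetical model of an access rule
    name: str
    protocols: Tuple[Proto, ...]
    users: str                    # ALL_USERS or the name of a user set

def audit(rule, client):
    """Return (protocol name, reason) pairs the rule can never match.

    client is "firewall_client" or "securenat" (no Firewall Client installed).
    """
    if rule.users == ALL_USERS:
        return []                 # anonymous rule: no identity is needed
    findings = []
    for p in rule.protocols:
        if p.ip_proto not in (TCP, UDP):
            # Points 3 and 4: the Firewall Client only sees TCP/UDP via Winsock.
            findings.append((p.name, "not_tcp_udp"))
        elif client != "firewall_client":
            # Point 2: without the Firewall Client nothing supplies credentials.
            findings.append((p.name, "no_firewall_client"))
    return findings

# Constructed sample: the rule from the thread, once with All Users and once
# with a user subset ("VPN Users" is a made-up user-set name).
PPTP_PROTOCOLS = (Proto("PPTP control", TCP, 1723), Proto("GRE", GRE))
OPEN_RULE = Rule("VPN Outbound", PPTP_PROTOCOLS, ALL_USERS)
SUBSET_RULE = Rule("VPN Outbound", PPTP_PROTOCOLS, "VPN Users")

if __name__ == "__main__":
    for rule in (OPEN_RULE, SUBSET_RULE):
        for client in ("firewall_client", "securenat"):
            print(rule.users, client, audit(rule, client))
```

The subset rule reports the GRE entry for both client types, which matches what the thread describes: the connection only came up once the rule was changed to All Users.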




