Re: PPTP Filtering

• From: Joe Pochedley <JoePochedley@xxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 8 Nov 2001 09:21:18 -0500

You need to put the DNS server information that you want the RRAS clients to
get on the Internal Interface of your RRAS/ISA server...  Check out the
tutorial I posted below from isaserver.org, it's all explained there in
detail.

HTH

JoeP

-----Original Message-----
From: Mike Carlson [mailto:domitianx@xxxxxxxxxxxxx] 
Sent: Wednesday, November 07, 2001 12:03 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: PPTP Filtering


http://www.ISAserver.org


So do I have to manually put the DNS servers in the connectoid or can I
somehow make DHCP give the VPN clients DNS information? The DHCP server has
the DNS entries and my local clients get DNS server IPs from the DHCP
server, its just the VPN clients do not.

Thanks,
Mike

-----Original Message-----
From: Joe Pochedley [mailto:JoePochedley@xxxxxxxxx] 
Sent: Wednesday, November 07, 2001 11:00 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: PPTP Filtering


http://www.ISAserver.org


Ex2k/Active Directory relies very heavily on DNS (sorry, meant to include a
Ex2k section in my original response, but got distracted)... Fix the DNS
resolution issue, and you'll probably fix everything else...

JoeP

-----Original Message-----
From: Mike Carlson [mailto:domitianx@xxxxxxxxxxxxx] 
Sent: Wednesday, November 07, 2001 10:25 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: PPTP Filtering


http://www.ISAserver.org


I have WINS setup. If I do ipconfig /all on the client they are getting the
correct WINS information. I did notice that they are not getting the DNS
information. IPCONFIG shows WINS servers but not the DNS servers. The
clients connect pretty quick and get authenticed pretty quick even on 56K
connections, the speed after that connecting to exchange or browsing the
network is horrible.

I am using ex2k sp1 and Outlook 2000 and 20002.

Mike

-----Original Message-----
From: Joe Pochedley [mailto:JoePochedley@xxxxxxxxx] 
Sent: Wednesday, November 07, 2001 9:18 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: PPTP Filtering


http://www.ISAserver.org


The important thing to remember though, is that even though the RRAS
(VPN) clients are getting their addresses from "DHCP", they're not getting
the name server information from the actual DHCP server...

Check out
http://www.isaserver.org/shinder/tutorials/configuring_ISA_for_inbound_V
PN.h
tm (link may wrap)

Outlook and Exchange 5.5 (you didn't say what version of Exch. You're
referring to) need proper netbios name resolution to work well.  If you
don't have a WINS server accessible to the RRAS client, Exchange is gonna
run like garbage.

-----Original Message-----
From: Mike Carlson [mailto:domitianx@xxxxxxxxxxxxx] 
Sent: Tuesday, November 06, 2001 10:19 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: PPTP Filtering


http://www.ISAserver.org


I have all the setting is being provided by my DHCP server. They are getting
DNS/WINS server information. The IP the clients are getting is part of the
lat.

Mike

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Tuesday, November 06, 2001 9:05 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: PPTP Filtering


http://www.ISAserver.org


Hhmmm, network browsing - my favorite subject..

If you perform an ipconfig on the VPN client, does it show any name
resolution IPs (DNS / WINS)? What IP are you assigning to the dial-in
client; internal or public? Are the dial-in clients IPs part of the LAT?

Jim Harrison
MCP(NT4, 2K), A+, Network+, PCG


----- Original Message -----
From: "Mike Carlson" <domitianx@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, November 06, 2001 18:59
Subject: [isalist] Re: PPTP Filtering


http://www.ISAserver.org


I am referring to when you right click on IP Packet Filters and select
properties then select the IP tab.

I cant browse the lan behind the VPN from the remote connection.

If I go to run and do a \\boxname it takes for ever to even prompt me for a
username let alone browse the shares.

It takes about 15 minutes for outlook to connect to the exchange box behind
the vpn. Usually it times out a couple times first.

Everything internal is fine and I can consistenly download off the web at
100k to 200k from behind the ISA box and on the remote box.

Mike

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Tuesday, November 06, 2001 8:43 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: PPTP Filtering


http://www.ISAserver.org


If you're referring to the "Allow PPTP through the firewall" setting, then
that has no bearing on the ISA-terminate VPN connection. What exactly is
slow about the connection?

Jim Harrison
MCP(NT4, 2K), A+, Network+, PCG


----- Original Message -----
From: "Mike Carlson" <domitianx@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, November 06, 2001 18:04
Subject: [isalist] PPTP Filtering


http://www.ISAserver.org


Do I need to enable PPTP filtering? I have setup the VPN but the performance
is utterly slow and I was wondering if that had something to do with it.

Can someone explain what PPTP filtering does in ISA?

Thanks,

********************
Mike Carlson
domitianx@xxxxxxxxxxxxx
http://www.domitianx.com
********************

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
domitianx@xxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
domitianx@xxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
JoePochedley@xxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
domitianx@xxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
JoePochedley@xxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
domitianx@xxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
JoePochedley@xxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

Other related posts:

• » PPTP Filtering
• » Re: PPTP Filtering
• » Re: PPTP Filtering
• » Re: PPTP Filtering
• » Re: PPTP Filtering
• » Re: PPTP Filtering
• » Re: PPTP Filtering
• » Re: PPTP Filtering
• » Re: PPTP Filtering
• » Re: PPTP Filtering
• » Re: PPTP Filtering

1. Home
2. isalist
3. Archive
4. 11-2001

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---