RE: PPTP through the ISA server

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 31 Mar 2003 22:35:18 -0600

Hi Don,

How about deleting the packet filter?

Thanks!
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 
 


-----Original Message-----
From: Don McCall [mailto:DMcCall@xxxxxxxxxx] 
Sent: Monday, March 31, 2003 9:45 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: PPTP through the ISA server


http://www.ISAserver.org


Hi Tom 

Yes, I tried that too! Still does not stop outgoing PPTP calls...

I have the uneasy feeling that this might be a one way switch (another
undocumented feature). I know that it did not work until I switched it
on...

If anyone has any ideas I'd sure appreciate it. I do not want to have
to do a reinstall, I like my work but not that much!!!!

Regards

Don 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, 1 April 2003 1:32 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: PPTP through the ISA server



Hi Don,

From what I know, the only thing that happens when you check the
checkbox for outbound PPTP is that it creates the SecureNAT PPTP packet
filter. Try disabling the packet filter and see what happens.

HTH,
Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 



-----Original Message-----
From: Don McCall [mailto:DMcCall@xxxxxxxxxx] 
Sent: Sunday, March 30, 2003 3:44 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: PPTP through the ISA server



Hi Tom,

Thanks for that information, I WAS blissfully unaware that anyone could
PPTP out even when their PC was not a part of the Domain.... So I
decided to turn it off... Problem is it appears that you cannot turn it
off again!!!!

I removed the tick for PPTP out of the allow PPTP through the firewall,
restarted the services and tried a connection, and I could still get
out!!!

OK try a reboot just in case I missed something.... I can still get
out!!!

OK delete the SecureNat PPTP rule completely, restart the services and I
can still get out!!!!

OK try a reboot just in case I missed something.... I can still get
out!!!

Now I am stumped. Is this a one way only switch? Am I doing something
wrong? (probably) I have tried these things both on my Test server and on
the Production server. Both are PS3 2000 servers with ISA stand alone
running ISA sp1 and Hot fixes 174 and 256.... Any ideas???

Any help would be greatly appreciated...

Thank you 

Don 
   

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Friday, 28 March 2003 12:58 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: PPTP through the ISA server



Hi Don,

When I have control over things (which is rare), I don't allow outbound
VPN connections from the private network. Why? Because that client
becomes a link between the remote network and my network. I have no
control over the security policy on the remote network, and I don't know
what this VPN client is transferring from their network to mine, and
what it's transferring from my network to theirs. ISA Server doesn't
examine communications going to a VPN link, so you have no idea what's
going on.

HTH,
Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 



-----Original Message-----
From: Don McCall [mailto:DMcCall@xxxxxxxxxx] 
Sent: Thursday, March 27, 2003 6:45 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] PPTP through the ISA server



Hi,

I have the ISA server set up to allow PPTP to the outside world. It
works well as I often connect to my home network using this. We use DHCP
here at work and we use the ISA to authenticate outgoing traffic. I
have inadvertently discovered that I can VPN out on ANY computer that is
NOT a part of the Domain. While the security implications are relatively
small there is an issue with bandwidth being used. The ISA is the
default gateway. The connection does not show up on the ISA server. I
cannot find an indication of the connection anywhere, but it is. Is
there a way of stopping this?? Am I missing something simple??

Thank you for any assistance or advice that you can give on this.

Regards

Don McCall
Systems Administrator
Baptist Community Services
Phone 02 9941 6049
Email dmccall@xxxxxxxxxx
Fax 02 9889 1520

This message is intended for the addressee named and may contain
confidential information. If you are not the intended recipient, please
delete it and notify the sender. Views expressed in this message are
those of the individual sender, and are not necessarily the views of
Baptist Community Services.
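
Added example, not part of the original thread: the first message says the outbound PPTP connection leaves no visible trace on the ISA server. PPTP uses a TCP control channel on port 1723 and carries tunneled data in GRE (IP protocol 47), so flow records from any device on the path can show which internal hosts have a tunnel up. The record layout, the internal address range and the sample flows below are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions (constructed for this example): internal range and record layout.
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")
TCP, GRE = 6, 47            # IP protocol numbers
PPTP_CONTROL_PORT = 1723    # PPTP control channel

# Constructed sample flows: "src dst ip_protocol dst_port bytes"
SAMPLE_FLOWS = """\
192.168.1.50 203.0.113.10 6 1723 1840
192.168.1.50 203.0.113.10 47 0 5242880
192.168.1.77 198.51.100.7 6 443 90210
192.168.1.91 198.51.100.20 6 1723 420
203.0.113.10 192.168.1.50 47 0 7340032
"""

def parse_flows(text):
    """Yield (src, dst, protocol, dst_port, bytes) from whitespace-separated lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport, nbytes = line.split()
        yield (ipaddress.ip_address(src), ipaddress.ip_address(dst),
               int(proto), int(dport), int(nbytes))

def find_outbound_pptp(text, internal=INTERNAL_NET):
    """Pair each outbound TCP/1723 session with GRE traffic to the same peer."""
    control = set()                 # (inside host, outside server)
    gre_bytes = defaultdict(int)    # GRE volume per (inside, outside) pair
    for src, dst, proto, dport, nbytes in parse_flows(text):
        outbound = src in internal and dst not in internal
        inbound = dst in internal and src not in internal
        if proto == TCP and dport == PPTP_CONTROL_PORT and outbound:
            control.add((src, dst))
        elif proto == GRE and outbound:
            gre_bytes[(src, dst)] += nbytes
        elif proto == GRE and inbound:
            gre_bytes[(dst, src)] += nbytes
    findings = []
    for client, server in sorted(control):
        volume = gre_bytes.get((client, server), 0)
        # Control channel without GRE means the tunnel never carried data
        # (for example, GRE is blocked on the path).
        findings.append({"client": str(client), "server": str(server),
                         "tunnel_established": volume > 0, "gre_bytes": volume})
    return findings

if __name__ == "__main__":
    for finding in find_outbound_pptp(SAMPLE_FLOWS):
        print(finding)
```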


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
