[isalist] Re: Point to Point VPN ISA 2006

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 21 Oct 2007 14:52:58 -0700

http://www.ISAserver.org
-------------------------------------------------------

Good thing you started your markup with an end tag ;)

NAT-T is 4500.... NAT-T aware applications sense NAT at 500 and request
NAT-T at 4500 for subsequent applications. 

Besides, if you consider that a "smack," then you need to get out more
:-p

P.S.  I think one of our earliest conversations was about RFC3947...
Thanks for the trip down mammary lane, you tit :))))

t 

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Sunday, October 21, 2007 11:38 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Point to Point VPN ISA 2006
> 
> http://www.ISAserver.org
> -------------------------------------------------------
> 
> </smack>
> NAT-T starts at UDP-500; then moves to UDP:4500.
> </smack>
> 
> Either way, I agree that Linksys is wasted money.
> DLink rules.
> BTW, the WAP I recommended during BH is the DWL-8200AP.
> Damn fine unit.
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
> Sent: Sunday, October 21, 2007 1:55 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Point to Point VPN ISA 2006
> 
> http://www.ISAserver.org
> -------------------------------------------------------
> 
> You talking smack about how PPTP doesn't use IPSEC NAT-T.  And NAT-T
is
> 4500, not 500.  But mostly how if he had the netgear box, we wouldn't
> be
> having this conversation :-p
> 
> t
> 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> > bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > Sent: Sunday, October 21, 2007 10:42 AM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Point to Point VPN ISA 2006
> >
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >
> > ..and this relates to PPTP.. how?
> > :-p
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> > bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
> > Sent: Sunday, October 21, 2007 1:15 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Point to Point VPN ISA 2006
> >
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >
> > My netgear FVX-538 has built-in IPSEC vpn capabilities.  Neener
> neener.
> >
> > t
> >
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> > > bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
> > > Sent: Sunday, October 21, 2007 8:37 AM
> > > To: ISA Mailing List
> > > Subject: [isalist] Re: Point to Point VPN ISA 2006
> > >
> > > http://www.ISAserver.org
> > > -------------------------------------------------------
> > >
> > > Indeed....
> > >
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> > > bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > > Sent: Sunday, October 21, 2007 12:23 PM
> > > To: ISA Mailing List
> > > Subject: [isalist] Re: Point to Point VPN ISA 2006
> > >
> > > http://www.ISAserver.org
> > > -------------------------------------------------------
> > >
> > > Why would I get a Linksys if it imposes such horrific design on an
> > > unsuspecting user?
> > > What's really interesting about that is that no sane PPTP endpoint
> > will
> > > use that protocol and so they're adding another layer of potential
> > > breakage to the communications.
> > >
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> > > bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
> > > Sent: Sunday, October 21, 2007 7:56 AM
> > > To: ISA Mailing List
> > > Subject: [isalist] Re: Point to Point VPN ISA 2006
> > >
> > > http://www.ISAserver.org
> > > -------------------------------------------------------
> > >
> > > OK Smartass...:)
> > >
> > > Go get a Linksys and see if you can get pptp through it "without"
> udp
> > > 500. They seem to use it no matter that it's ipsec.
> > >
> > > S
> > >
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> > > bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > > Sent: Sunday, October 21, 2007 11:48 AM
> > > To: ISA Mailing List
> > > Subject: [isalist] Re: Point to Point VPN ISA 2006
> > >
> > > http://www.ISAserver.org
> > > -------------------------------------------------------
> > >
> > > PPTP not use IPSec NAT-T, yanumptie...
> > >
> > > Many NAT-based devices trash otherwise functional PPTP traffic.
> > > If you get a network capture of the traffic at both sides of the
> > > "router", we can examineit or the common failure point (PeerID
gets
> > > changed somewhere along the line).
> > >
> > >
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> > > bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
> > > Sent: Saturday, October 20, 2007 2:49 PM
> > > To: ISA Mailing List
> > > Subject: [isalist] Re: Point to Point VPN ISA 2006
> > >
> > > Have you forwarded udp 500 through the Linksys??
> > >
> > >
> > >
> > > S
> > >
> > >
> > >
> > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> > > bounce@xxxxxxxxxxxxx] On Behalf Of William Holmes
> > > Sent: Saturday, October 20, 2007 6:31 PM
> > > To: ISA Mailing List
> > > Subject: [isalist] Point to Point VPN ISA 2006
> > >
> > >
> > >
> > > Hello,
> > >
> > >
> > >
> > > I have a point to point VPN setup with ISA2006. This has been
> working
> > > just fine until my Internet Router Died. I have a new router on
> order
> > > but I have a question.
> > >
> > >
> > >
> > > I put a new router (one I had around) in place of my dead router.
> On
> > > this router (Linksys befsx41)  I enabled VPN pass through. If I
> plug
> > a
> > > laptop into the BEFSX41 directly I can start a PPTP connection and
> > > connect to the remote ISA2006 server.
> > >
> > >
> > >
> > > However if I try to start the point to point PPTP connection
> between
> > > the Local ISA2006 server and the Remote ISA 2006 server I get the
> > > following error message from the routing and remote access
service:
> > >
> > >
> > >
> > > An error occurred during connection of the interface. The
> connection
> > > was terminated by the remote computer before it could be
completed.
> > For
> > > further assistance click More Info or search Help and Support
> Center
> > > for this error number.
> > >
> > >
> > >
> > > However there is no error number.
> > >
> > >
> > >
> > > If I connect my ISA server directly to my broadband connection
then
> > the
> > > Tunnel works fine (that is ISA to ISA without the intervening
> > router).
> > > Now before someone jumps to conclusions about why I have the
> router,
> > I
> > > am on a dynamic IP address at home where I am connecting from and
I
> > > want ISA to always have a fixed address. In addition I have two
> > > Internet connections one Cable and one DSL and the Router (Linksys
> > > RV042) handles connection to both and provides failover and
> bandwidth
> > > aggregation. It also provides some simple packet filtering that
> cuts
> > > down on a lot of the BS that in on the broadbands.
> > >
> > >
> > >
> > > The VPN works fine with the RV042 but not with the older BEFSX41
> and
> > I
> > > would like to understand why, especially since a VPN connection to
> > the
> > > same remote ISA server works fine when connecting from a laptop
> that
> > is
> > > connected to same Router.
> > >
> > >
> > >
> > > Thanks
> > >
> > >
> > >
> > > Bill
> > >
> > > ------------------------------------------------------
> > > List Archives: //www.freelists.org/archives/isalist/
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server Articles and Tutorials:
> > > http://www.isaserver.org/articles_tutorials/
> > > ISA Server Blogs: http://blogs.isaserver.org/
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > ------------------------------------------------------
> > > List Archives: //www.freelists.org/archives/isalist/
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server Articles and Tutorials:
> > > http://www.isaserver.org/articles_tutorials/
> > > ISA Server Blogs: http://blogs.isaserver.org/
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > ------------------------------------------------------
> > > List Archives: //www.freelists.org/archives/isalist/
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server Articles and Tutorials:
> > > http://www.isaserver.org/articles_tutorials/
> > > ISA Server Blogs: http://blogs.isaserver.org/
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > ------------------------------------------------------
> > > List Archives: //www.freelists.org/archives/isalist/
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server Articles and Tutorials:
> > > http://www.isaserver.org/articles_tutorials/
> > > ISA Server Blogs: http://blogs.isaserver.org/
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 10-2007