I would not suggest UNCHECKING the "default gateway...." use. This opens the vpn'd client to be controlled externally. Ultimately that is up to you though. -----Original Message----- From: Rui Silva [mailto:rui.silva@xxxxxxxxxxx] Sent: Friday, July 11, 2003 11:31 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: RES: Oh no! Not another VPN problem! http://www.ISAserver.org That's it!! I had already unchecked the "default gateway in remote network" but I hadn't configured the proxy settings for the VPN connection. Txs guys -----Original Message----- From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] Sent: Friday, July 11, 2003 16:19 To: [ISAserver.org Discussion List] Subject: [isalist] RES: Oh no! Not another VPN problem! http://www.ISAserver.org When you open a VPN thru a Workstation, there's a proxy configuration for each dial-up connection you create. Set the proxy configuration for your ISA Server inside that connection on Explorer's Internet Properties. Workaround: try unchecking the box "default gateway in remote network" on the advanced TCP/IP properties of the VPN connection. This won't mess up all routes on your workstation. And one more thing (like Steve Jobs always says =)): disable the firewall client when you need to access resources on the VPN. When I connect to remote computers I must disable it in order to open the resources on the remote network. Tiago de Aviz SoftSell (41) 340-2363 www.softsell.com.br -----Mensagem original----- De: Rui Silva [mailto:rui.silva@xxxxxxxxxxx] Enviada em: sexta-feira, 11 de julho de 2003 12:02 Para: [ISAserver.org Discussion List] Assunto: [isalist] Oh no! Not another VPN problem! http://www.ISAserver.org Yes, it's true (I'm beginning to think that ISA and VPN don't play well...). So, imagine this scenario: ISA SERVER ---------- -SP1 -Integrated mode -PPTP through ISA firewall allowed -Site and Content Rule that requires authentications for all destinations -The Web Proxy is not configured to ask for authentication CLIENTS ------- -Simultaneously SecureNAT/Firewall/Web Proxy -IE 6.0 SP1 Everything works well when clients are browsing the net, BUT... When a client makes a VPN connection, he (she) is still able to make Terminal Services connections to the outside, do DNS resolutions, etc (the protocol rules are OK, so I think there's nothing wrong with the Firewall Service). The problem is that browsing with IE is no longer allowed. The ISA Server comes up with this message: The page cannot be displayed [...] 403 Forbidden - The ISA Server denies the specified Uniform Resource Locator (URL). (12202) Internet Security and Acceleration Server I already tried to look at the logs and I can't see anything wrong. I even used a network sniffer, but with no results. What is going wrong here? Txs. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tiago@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rui.silva@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jlyon@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')