RE: RES: Oh no! Not another VPN problem!

  • From: "John G. Lyon" <jlyon@xxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 11 Jul 2003 11:33:30 -0400

I would not suggest UNCHECKING the "default gateway...." use. This opens
the vpn'd client to be controlled externally. Ultimately that is up to
you though.

-----Original Message-----
From: Rui Silva [mailto:rui.silva@xxxxxxxxxxx] 
Sent: Friday, July 11, 2003 11:31 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: RES: Oh no! Not another VPN problem!

http://www.ISAserver.org


That's it!!
I had already unchecked the "default gateway in remote network" but I
hadn't configured the proxy settings for the VPN connection.

Txs guys

-----Original Message-----
From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] 
Sent: Friday, July 11, 2003 16:19
To: [ISAserver.org Discussion List]
Subject: [isalist] RES: Oh no! Not another VPN problem!





When you open a VPN thru a Workstation, there's a proxy configuration
for each dial-up connection you create. Set the proxy configuration for
your ISA Server inside that connection on Explorer's Internet
Properties.

Workaround: try unchecking the box "default gateway in remote network"
on the advanced TCP/IP properties of the VPN connection. This won't mess
up all routes on your workstation.

And one more thing (like Steve Jobs always says =)): disable the
firewall client when you need to access resources on the VPN. When I
connect to remote computers I must disable it in order to open the
resources on the remote network.

Tiago de Aviz
SoftSell
(41) 340-2363
www.softsell.com.br
 

-----Original Message-----
From: Rui Silva [mailto:rui.silva@xxxxxxxxxxx] 
Sent: Friday, July 11, 2003 12:02
To: [ISAserver.org Discussion List]
Subject: [isalist] Oh no! Not another VPN problem!



Yes, it's true (I'm beginning to think that ISA and VPN don't play
well...). So, imagine this scenario:

ISA SERVER
----------
-SP1
-Integrated mode
-PPTP through ISA firewall allowed
-Site and Content Rule that requires authentications for all destinations
-The Web Proxy is not configured to ask for authentication
CLIENTS
-------
-Simultaneously SecureNAT/Firewall/Web Proxy
-IE 6.0 SP1

Everything works well when clients are browsing the net, BUT... When a
client makes a VPN connection, he (she) is still able to make Terminal
Services connections to the outside, do DNS resolutions, etc (the
protocol rules are OK, so I think there's nothing wrong with the
Firewall Service). The problem is that browsing with IE is no longer
allowed. The ISA Server comes up with this message:

The page cannot be displayed 
[...]
403 Forbidden - The ISA Server denies the specified Uniform Resource
Locator (URL). (12202) Internet Security and Acceleration Server

I already tried to look at the logs and I can't see anything wrong. I
even used a network sniffer, but with no results.

What is going wrong here?

Txs. 
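
Added example, not part of the original thread: the trade-off raised in the replies above (unchecking "default gateway in remote network" leaves the client with its own Internet route while the tunnel is up) can be audited from a Windows RAS phonebook file, where that checkbox is stored as `IpPrioritizeRemote`. The sample phonebook is constructed, and the script assumes 1 means checked and 0 means unchecked.

```python
# Added example: audit a Windows RAS phonebook for split-tunnel entries.
# SAMPLE_PBK is constructed for illustration; real files hold many more keys.
SAMPLE_PBK = """\
[Head Office VPN]
IpPrioritizeRemote=1
MEDIA=rastapi
DEVICE=vpn
PhoneNumber=vpn.example.com

[Branch VPN]
IpPrioritizeRemote=0
MEDIA=rastapi
DEVICE=vpn
PhoneNumber=branch.example.com
DEVICE=vpn
PhoneNumber=branch2.example.com
"""


def parse_phonebook(text):
    """Return {entry_name: {key: first_value}}.

    Phonebook entries repeat keys such as DEVICE and PhoneNumber, which a
    strict INI parser rejects, so parse by hand and keep the first value
    seen for each key.
    """
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = entries.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current.setdefault(key.strip(), value.strip())
    return entries


def split_tunnel_entries(text):
    """Names of entries whose remote default gateway is disabled (assumed 0)."""
    return sorted(
        name for name, keys in parse_phonebook(text).items()
        if keys.get("IpPrioritizeRemote") == "0"
    )


if __name__ == "__main__":
    for name in split_tunnel_entries(SAMPLE_PBK):
        print(f"split tunnelling enabled: {name}")
```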

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tiago@xxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


