Hi Tom,

Great! Keep us informed if you find a more elegant way to do it.

Thanks,
Stefaan

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Monday, 30 June 2003 17:12
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: RRAS and vpn

http://www.ISAserver.org

Hi Stefaan,

You are correct! You win the social credits (I think you can take them to the EU central bank to cash them in :-) )

When you disable the IPSec Policy Agent, it releases UDP 500. The packet filter log showed that UDP 500 connections were being blocked. That didn't make sense, since I had a perfectly valid Server Publishing Rule. Next step was to look at the Event Viewer. There was a message in the Event Viewer indicating that the Server Publishing Rule had failed because of another process.

I recalled from my reading of Hacking Windows 2000 Exposed that the IPSec Policy Agent would grab this port and open it even when Win2k packet filtering was active.

I believe there is a more elegant way than disabling the policy agent, so I'll have to find my copy of Hacking Win2k Exposed and see what the Registry Keys are to stop it from using UDP 500.

Thanks!
Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

-----Original Message-----
From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxx]
Sent: Monday, June 30, 2003 8:28 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: RRAS and vpn

Hi Tom,

I do not yet have a W2K3 server running. However, on a standard W2K server, UDP ports 500 and 4500 seem to be occupied by the "lsass.exe" process. If I shut down the "IPSec Policy Agent" service, then those UDP ports seem to become available.

Cheers,
Stefaan

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Monday, 30 June 2003 8:15
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: RRAS and vpn

Hi Greg,

Nope. First hint: the packet filter log showed blocked packets for UDP 500, in spite of the fact that there was a valid Server Publishing Rule.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

-----Original Message-----
From: Greg Mulholland [mailto:greg_mul@xxxxxxxxxxxxxxx]
Sent: Monday, June 30, 2003 12:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: RRAS and vpn

Have to say either RRAS or ICS... probably RRAS, since it is the only one that would be going on a firewall, you would hope....

Greg