Urgent VPN-HELP needed
- From: Michael.Siemen@xxxxxxxxxxxxxx
- To: isalist@xxxxxxxxxxxxx
- Date: Mon, 26 Aug 2002 12:45:17 +0200
Hi,
we want to establish an internal ISA-VPN-Server behind an external
ISA-VPN-Server. To do this, i read the Dokument "Configuring VPN access in
a Back to Back ISA Server Environment".
After implementing both ISA-Servers everyting looked fine. An external
W2K-Client was able to connect to the internal VPN-Server over the external
VPN-Server. But when i testet it with a w2k-client, which was connected to
the Internet by ISDN or DSL, the problems began. It is possible to connect
to the internal VPN an ping the internal clients, but it isn't possible to
transfer larger files or connect to an internal host via terminalserver or
pcanywhere. It seems that some packets ar lost.
So i read about problems with fragmentation (mtu size) und edited the
registries of the client an the isa-servers but nothing helped.
I tried some registry-settings for the client from the internet an testet
them. But they didn't work neither.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SackOpts"=dword:00000001
"TcpWindowSize"=dword:0003ebc0
"Tcp1323Opts"=dword:00000001
"DefaultTTL"=dword:00000040
"EnablePMTUBHDetect"=dword:00000000
"EnablePMTUDiscovery"=dword:00000001
"GlobalMaxTcpWindowSize"=dword:0003ebc0
When i use only the external VPN-Server to connect to DMZ-Hosts everything
is fine.
We really need this functionality. Does anyone have an idea?
Mit freundlichem Gruss,
Michael Siemen
Mettenmeier GmbH, Projektleiter IT-Services
Klingenderstr. 10-14, 33100 Paderborn
Tel. (0 52 51) 1 50-321; Fax (0 52 51) 1 50-499
mailto:Michael.Siemen@xxxxxxxxxxxxxx
http://www.mettenmeier.de
Other related posts:
