RE: VPN....

  • From: "Friese, Casey" <cfriese@xxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 19 Dec 2002 10:07:22 -0500

Let's do this the long way....
 
Open RRAS on the ISA server and create a new dial-on demand interface.
Name the interface whatever you want...I'll use ISA1_ISA2 - we're
configuring ISA1 at the moment.
 
Type the IP address of ISA2 as the destination
Set up the connection as Persistent (OPTIONAL)
Set the security under Advanced Settings to MS CHAP and MS CHAP ver. 2
and require encryption - disconnect if server declines.  (OPTIONAL -
just make sure it matches on both servers)
 
On ISA2 do the same steps, only put the IP address of ISA1 as the
destination.
 
Now, click on Remote Access Policies and create a new policy named
"Allow access if dial-in permission is enabled" or whatever you want.
Set Grant Remote Access permissions.  Specify day and time restrictions
for use but leave everything allowed.  Do this on both servers.
 
Now, still in RRAS on both ISAs, click Static Routes under IP Routing
and create a new static route for each "Local" segment behind the ISAs
- Network behind ISA 2 is 10.168.0.0 so in RRAS of ISA1 I will create a
static route for 10.168.0.0 mask 255.255.0.0 and set the interface to be
ISA1_ISA2 and check the box to "Use this route to initiate...."  Do the
reverse for ISA2 in RRAS.
 
Now, open the ISA management console on ISA1 and click IP Packet Filters
under Access Policy.  We're going to create 2 packet filters:
 
1. Allow PPTP protocol packets (client) for VPN Connection: ISA1_ISA2
(Name of Filter)
For Filter type, set to Predefined PPTP Call, For local computer, set to
the IP address of the ext. interface of ISA1.  For remote computer, set
to the IP address of the ext. interface of ISA2
 
2. Allow PPTP protocol packets (server) for VPN Connection: ISA1_ISA2
(Name of Filter)
   For Filter type, set to Predefined PPTP Receive, For local computer,
set to the IP address of the ext. interface of ISA1.  For remote
computer, set to the IP address of the ext. interface of ISA2
 
This will get you setup with PPTP, if you want IPSec, we'll go down that
road after you get this working.  Hope I didn't miss anything.
 

        -----Original Message-----
        From: Ian Roberts [mailto:Ian@xxxxxxxxxxxxxx] 
        Sent: Thursday, December 19, 2002 9:31 AM
        To: [ISAserver.org Discussion List]
        Subject: RE: [isalist] RE: VPN....
        
        
        In RRAS it's set to grant remote access permission. Are there
        any other settings I should check? Many thanks for your help.

                -----Original Message----- 
                From: Friese, Casey [mailto:cfriese@xxxxxxxxxxxxx] 
                Sent: Thu 19/12/2002 14:11 
                To: [ISAserver.org Discussion List] 
                Cc: 
                Subject: [isalist] RE: VPN....
                
                

                http://www.ISAserver.org
                
                
                This has nothing to do with the ISA piece of the equation but
                rather it has to do with how you have RRAS configured. Check
                your RRAS dial-in policies on the machine that is to accept the
                connection and also verify that the account used by the dialing
                machine has dial-in permissions on the box that is accepting
                the connection.
                
                -----Original Message-----
                From: Ian Roberts [mailto:ian@xxxxxxxxxxxxxx]
                Sent: Thursday, December 19, 2002 7:57 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] VPN....
                
                
                
                
                I'm trying to create a VPN connection between 2 ISA servers.
                On one it goes through okay but on the other one I get the
                message:-

                "The wizard cannot create the virtual private network (VPN)
                connection. An action to allow dial-in permissions failed."

                Nothing on technet for the error message. The ISA server with
                the message has an ISDN connection to the internet. Many thanks.
                
                List Sponsored by Aspelle
                Aspelle's Microsoft-centric, Aspelle Everywhere, leverages ISA
                server and the Internet to quickly and cost-effectively manage
                and deliver secure, client-less access to all corporate
                applications (Web, Unix, Windows and legacy systems), for all
                users. More info at http://www.aspelle.com/info

                ------------------------------------------------------
                List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
                ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
                ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
                ------------------------------------------------------
                Exchange Server Resource Site: http://www.msexchange.org/
                Windows Security Resource Site: http://www.windowsecurity.com/
                Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
                ------------------------------------------------------
                You are currently subscribed to this ISAserver.org Discussion
                List as: cfriese@xxxxxxxxxxxxx To unsubscribe send a blank
                email to $subst('Email.Unsub')
                
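
Added example, not part of the original thread: the steps in the top reply only work when each server's settings mirror the other's (interface destination, security settings, reversed static route, and both PPTP packet filters). This Python sketch models the two sides and reports any setting that does not mirror; the external IPs, ISA1's internal network and the name ISA2_ISA1 are assumed sample values.

```python
from ipaddress import ip_address, ip_network

def make_side(name, ext_ip, local_net, peer_ip, peer_net, iface):
    """Model the settings one server ends up with after the steps in the post."""
    return {
        "name": name, "external_ip": ext_ip, "local_net": local_net,
        "interface": {"name": iface, "destination": peer_ip,
                      "auth": {"MS-CHAP", "MS-CHAPv2"}, "require_encryption": True},
        "static_routes": [{"dest": peer_net, "interface": iface}],
        "packet_filters": [{"type": t, "local": ext_ip, "remote": peer_ip}
                           for t in ("PPTP Call", "PPTP Receive")],
    }

# Constructed sample values: the external IPs are documentation addresses and
# ISA1's internal network and the name ISA2_ISA1 are assumed. Only 10.168.0.0/16
# and the interface name ISA1_ISA2 come from the post.
ISA1 = make_side("ISA1", "192.0.2.1", "10.167.0.0/16",
                 "203.0.113.2", "10.168.0.0/16", "ISA1_ISA2")
ISA2 = make_side("ISA2", "203.0.113.2", "10.168.0.0/16",
                 "192.0.2.1", "10.167.0.0/16", "ISA2_ISA1")

def check_side(local, remote):
    """Return problems in local's settings, judged against the remote server."""
    problems, iface, me, peer = [], local["interface"], local["name"], remote["name"]
    if ip_address(iface["destination"]) != ip_address(remote["external_ip"]):
        problems.append(f"{me}: interface destination is not {peer}'s external IP")
    rif = remote["interface"]
    if (iface["auth"], iface["require_encryption"]) != (rif["auth"], rif["require_encryption"]):
        problems.append(f"{me}: security settings differ from {peer}")
    want = ip_network(remote["local_net"])
    if not any(ip_network(r["dest"]) == want and r["interface"] == iface["name"]
               for r in local["static_routes"]):
        problems.append(f"{me}: no static route for {want} via {iface['name']}")
    for ftype in ("PPTP Call", "PPTP Receive"):
        if not any(f["type"] == ftype and f["local"] == local["external_ip"]
                   and f["remote"] == remote["external_ip"]
                   for f in local["packet_filters"]):
            problems.append(f"{me}: missing {ftype} filter towards {peer}")
    return problems

def check_pair(a, b):
    """Check both directions, since each server must mirror the other."""
    return check_side(a, b) + check_side(b, a)

if __name__ == "__main__":
    for problem in check_pair(ISA1, ISA2) or ["both sides mirror each other"]:
        print(problem)
```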
                
