RE: VPN Client Access Problem - Stops accepting connections

  • From: "Andy Winter" <Andy.Winter@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 6 Sep 2005 15:13:16 -0400

Tom,
I appreciate your willingness to help, but I'm still confused. Please
forgive the ignorance. 
1. Are you referring to the DHCP scope that the ISA firewall is pulling
its addresses from? If so, the DHCP scope addresses and the Inside
interface are on the same subnet (192.168.1.x). 
2. Are you referring to the clients that are attempting to connect to
the ISA firewall? They are on external networks. 
3. Are you referring to possible IP addresses that are currently on the
PCs that are attempting to connect? For example, PC1 has an IP address
of 192.168.1.100 on his own home network behind a cable modem, and is
attempting to connect to the VPN client which is assigning IP addresses
of 192.168.1.x and therefore the Firewall is treating it as an inside
machine? 
4. Something else?
 
Just as additional information, this issue seems to only occur once the
server believes that it is under a SYN attack. As soon as the SYN attack
has "ceased" and the server is rebooted, everyone can connect. Only
those users that had a VPN session before the "attack" started were able
to maintain their connections. All new connections were denied.
 
Thanks! 
Andy Winter 
OPESNET 
 

________________________________

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Saturday, September 03, 2005 11:16 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN Client Access Problem - Stops accepting
connections


http://www.ISAserver.org

Hi Andy,
 
Wrong answer.
Read the question again.
 
Thanks!
Tom


________________________________

        From: Andy Winter [mailto:Andy.Winter@xxxxxxxxxxx] 
        Sent: Friday, September 02, 2005 5:23 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: VPN Client Access Problem - Stops
accepting connections
        
        
        
        Hello Thomas,
        No, they are connecting from external IP addresses from their
homes or other offices. 
         

        Thanks! 
        Andy Winter 
        OPESNET 

         

________________________________

        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
        Sent: Friday, September 02, 2005 5:32 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: VPN Client Access Problem - Stops
accepting connections
        
        
        
        Hi Andy,
         
        Are they connecting from a network that's on the same Network ID
as the client IP addresses you're assigning?
         
        Thanks!
         
        Thomas W Shinder, M.D.
        Site: www.isaserver.org <http://www.isaserver.org/> 
        Blog: http://spaces.msn.com/members/drisa/
        Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
        MVP -- ISA Firewalls

         


________________________________

                From: Andy Winter [mailto:Andy.Winter@xxxxxxxxxxx] 
                Sent: Friday, September 02, 2005 2:47 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] VPN Client Access Problem - Stops
accepting connections
                
                
                
                Hello. 
                I am having an issue where at some point during the day,
users attempting to connect to the ISA Server 2004 via VPN client are
unable to. When looking at the logging mechanism, all that shows is
"Access Denied" without a rule violation. Yet, some users are able to
connect without a problem. The number of available users has been set to
100. Once I reboot the firewall box, users seem able to connect without
a problem. 
                I've also noticed that the SYN Attack alert shows up at
about the same time that users report not being able to connect to the
VPN. 
                 
                Also, I've noticed that ISA 2004 seems to be pulling a
large number of IP addresses from the DHCP range (20) that doesn't match
up with the number of listed connections (9)
                 
                Never posted before, so I guess I'm just wondering if
this is inappropriate to post here, or if I just bite it and just call
MS?

                Thanks!
                Andy Winter
                OPESNET
                (888)310-2027
                Email: mailto:support@xxxxxxxxxxx
<mailto:support@xxxxxxxxxxx> 
                Online: http://www.opesnet.com <http://www.opesnet.com/>

                

                 

                This email and any files transmitted with it are
confidential and intended solely for the use of the individual or entity
to whom they are addressed. If you have received this email in error
please notify the system manager. This message contains confidential
information and is intended only for the individual named. If you are
not the named addressee you should not disseminate, distribute or copy
this e-mail. ------------------------------------------------------
                List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
                ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
                ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
                ------------------------------------------------------
                Visit TechGenix.com for more information about our other
sites:
                http://www.techgenix.com
                ------------------------------------------------------
                You are currently subscribed to this ISAserver.org
Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
                To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
                Report abuse to listadmin@xxxxxxxxxxxxx 

        

        --
        No virus found in this incoming message.
        Checked by AVG Anti-Virus.
        Version: 7.0.344 / Virus Database: 267.10.17/85 - Release Date:
8/30/2005
        
