Tom, I appreciate your willingness to help, but I'm still confused. Please forgive the ignorance. 1. Are you referring to the DHCP scope that the ISA firewall is pulling it's addresses from? If so, the dhcp scope addresses and the Inside interface are on the same subnet (192.168.1.x). 2. Are you referring to the clients that are attempting to connect to the ISA firewall? They are on external networks. 3. Are you referring possible IP addresses that are currently on the PC's that are attempting to connect? For example PC1 has an IP address of 192.168.1.100 on his own home network behind a cable modem, and is attempting to connect to the VPN client which is assigning IP addresses of 192.168.1.x and therefore the Firewall is treating it as an inside machine? 4. Something else? Just as additional information, this issue seems to only occur once the server believes that it is under a SYN attack. As soon as the SYN attack has "ceased" and the server is rebooted, everyone can connect. Only those users that had a VPN session before the "attack" started were able to maintain their connections. All new connections were denied. Thanks! Andy Winter OPESNET ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Saturday, September 03, 2005 11:16 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN Client Access Problem - Stops accepting connections http://www.ISAserver.org Hi Andy, Wrong answer. Read the question again. Thanks! Tom ________________________________ From: Andy Winter [mailto:Andy.Winter@xxxxxxxxxxx] Sent: Friday, September 02, 2005 5:23 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN Client Access Problem - Stops accepting connections http://www.ISAserver.org Hello Thomas, No, they are connecting from external IP addresses from their homes or other offices. Thanks! Andy Winter OPESNET ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Friday, September 02, 2005 5:32 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN Client Access Problem - Stops accepting connections http://www.ISAserver.org Hi Andy, Are they connecting from a network that's on the same Network ID as the client IP addresses you're assigning? Thanks! Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Andy Winter [mailto:Andy.Winter@xxxxxxxxxxx] Sent: Friday, September 02, 2005 2:47 PM To: [ISAserver.org Discussion List] Subject: [isalist] VPN Client Access Problem - Stops accepting connections http://www.ISAserver.org Hello. I am having an issue where at some point during the day, users attempting to connect to the ISA Server 2004 via VPN client are unable to. When lookin at the logging mechanism, all that shows is "Access Denied" without a rule violation. Yet, some users are able to connect without a problem. The number of available users has been set to 100. Once I reboot the firewall box, users seem able to connect without a problem. I've also noticed that the SYN Attack alert shows up at about the same time that users report not being able to connect to the VPN. Also, I've noticed that ISA 2004 seems to be pulling a large number of IP addresses from the DHCP range (20) that doesn't match up with the number of listed connections (9) Never posted before, so I guess I'm just wondering if this is innappropriate to post here, or if I just bite it and just call MS? Thanks! Andy Winter OPESNET (888)310-2027 Email: mailto:support@xxxxxxxxxxx <mailto:support@xxxxxxxxxxx> Online: http://www.opesnet.com <http://www.opesnet.com/> This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: andy.winter@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.10.17/85 - Release Date: 8/30/2005 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: andy.winter@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.10.17/85 - Release Date: 8/30/2005 This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.