http://www.ISAserver.org ------------------------------------------------------- Me three. Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- Microsoft Firewalls (ISA) > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: Tuesday, January 15, 2008 10:30 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: VPN Client Connection Problem > > http://www.ISAserver.org > ------------------------------------------------------- > > So would I. > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D > PIETRUSZKA USWRN INTERLINK INFRA ASST MGR > Sent: Tuesday, January 15, 2008 7:49 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: VPN Client Connection Problem > > http://www.ISAserver.org > ------------------------------------------------------- > > I would like to see IAG as part of the next version of ISA server. > > Regards > Diego R. Pietruszka > MSC (USA) - Interlink Transport Technologies > > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder > Sent: Tuesday, January 15, 2008 10:33 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: VPN Client Connection Problem > > http://www.ISAserver.org > ------------------------------------------------------- > > L2TP/IPsec with EAP user authentication (smart card, etc) is > the current > state of the art. > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- Microsoft Firewalls (ISA) > > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore > > Sent: Tuesday, January 15, 2008 9:19 AM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: VPN Client Connection Problem > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > Speaking of PPTP, we've been using it for years--sometime > > before I came > > along. We've just kept it going by default. I assume some > > other protocol > > would be safer and more secure. What would you (the list, not > > necessarily just Jim Harrison) recommend as an upgraded protocol? > > > > Thanks, > > Rob > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > On Behalf Of Jim Harrison > > Sent: Tuesday, January 15, 2008 9:20 AM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: VPN Client Connection Problem > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > Yano - you did. > > I guess I'm just getting to the point where I overlook "PPTP" > > > > Still; a look at the relevant log entries (start from > > "initiate") would > > help a lot. > > Even better would be network captures from both sides of > ISA (NetMon 3 > > can do this). > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > On Behalf Of Rob Moore > > Sent: Tuesday, January 15, 2008 6:02 AM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: VPN Client Connection Problem > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > I did mention in my original post that it was PPTP. > > > > Rob > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > On Behalf Of Thomas W Shinder > > Sent: Monday, January 14, 2008 10:39 PM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: VPN Client Connection Problem > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > I'll bet a dollar it's a PPTP VPN :) > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > On Behalf Of Jim Harrison > > Sent: Monday, January 14, 2008 8:07 PM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: VPN Client Connection Problem > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > Can you include a couple of the log entries that indicate > > this traffic? > > "VPN" is too vague; is this IPSec, PPTP, SSL-VPN..? > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > On Behalf Of Rob Moore > > Sent: Monday, January 14, 2008 1:33 PM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] VPN Client Connection Problem > > > > Hello all- > > > > ISA 2006 Standard > > > > Windows Server 2003 > > > > I've got an odd problem. I have a guy using a Mac trying to > connect to > > my VPN server. (The VPN server is a Windows server running > behind the > > ISA server. It's a PPTP VPN.) When he tries to connect, he gets this > > error message: "The connection was terminated by the communication > > device. Please verify your settings and try again". We've tried > > recreating his VPN connector. We've tried connecting wired > > and wireless > > and from several different locations. I've also > successfully connected > > to the VPN server using his account but from different > computers, both > > Mac and PC. > > > > When I monitor my own successful connection attempt on the > firewall, I > > get a single message that says the connection was initiated. When I > > monitor his unsuccessful connection attempt, I get three > > entries. First > > it says the connection was initiated. Then it says the > connection was > > closed. Then I get a "Denied" entry in which it appears the > ISA server > > is trying to send the request to the public IP address of the VPN > > server. The error is "0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED." > > > > I've tried Googling it and gotten a lot of stuff, some of it ISA > > related, some of it not. I also looked some in the archives of this > > list. > > > > Can anyone point me in the right direction? > > > > Thanks, > > > > Rob > > > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > > > Rob Moore > > > > Network Manager > > > > 215-241-7870 > > > > Help Desk: 800-500-AFSC > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx