[isalist] Re: VPN Client Connection Problem

• From: "Rob Moore" <RMoore@xxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Tue, 15 Jan 2008 14:04:18 -0500

http://www.ISAserver.org
-------------------------------------------------------

OK. Tomorrow...

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thor (Hammer of God)
Sent: Tuesday, January 15, 2008 1:13 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN Client Connection Problem

http://www.ISAserver.org
-------------------------------------------------------
  
run netmon or equivalent on both sides during the transaction and save
them individually...

t

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore
> Sent: Tuesday, January 15, 2008 10:03 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: VPN Client Connection Problem
> 
> http://www.ISAserver.org
> -------------------------------------------------------
> 
> How do I get a dual-ended capture?
> 
> Thanks,
> Rob
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx]
> On Behalf Of Jim Harrison
> Sent: Tuesday, January 15, 2008 11:38 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: VPN Client Connection Problem
> 
> http://www.ISAserver.org
> -------------------------------------------------------
> 
> No, you're not - you're getting "0x80074e24 FWX_E_CONNECTION_KILLED",
> which is a clear indicator of PPTP protocol violation by one or both
> ends of the VPN tunnel.  The "" code literally means "closed by
> application filter action".
> Get a dual-ended capture of this (best done at the ISA itself and I'll
> bet you I can find the packet where the problem occurred.
> 
> Jim
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx]
> On Behalf Of Rob Moore
> Sent: Tuesday, January 15, 2008 7:55 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: VPN Client Connection Problem
> 
> http://www.ISAserver.org
> -------------------------------------------------------
> 
> Now I can't get the same behavior as yesterday. Yesterday, as I
> mentioned in my original post, I'd get an "Initiated" log entry,
> followed immediately by a "Closed" log entry, and then immediately by
a
> "Denied" entry. Today I'm getting only two entries, "Initiated" and,
> about 30 seconds later, a "Closed" entry.
> 
> The logs for those two are:
> Original Client IP      Client Agent    Authenticated Client
Service
> Server Name     Referring Server        Destination Host Name
> Transport       MIME Type       Object Source   Source Proxy
> Destination Proxy       Bidirectional   Client Host Name        Filter
> Information     Network Interface       Raw IP Header   Raw Payload
> GMT Log Time    Source Port     Processing Time Bytes Sent      Bytes
> Received        Result Code     HTTP Status Code        Cache
> Information     Log Record Type Authentication Server   Log Time
> Destination IP  Destination Port        Protocol        Action  Rule
> Client IP       Client Username Source Network  Destination Network
> HTTP Method     URL     Error Information
> 216.204.20.170                          PHL-ISA3        -
> TCP     -                                               -
> 1/15/2008 3:41:35 PM    64093   31031   188     348     0x80074e24
> FWX_E_CONNECTION_KILLED         0x0     Firewall        -
> 1/15/2008 10:41:35 AM   172.17.200.20   1723    PPTP Server     Closed
> Connection      PPTP to PHL-UTILITY     216.204.20.170
> External
> Internal        -       -       0x0
> 216.204.20.170                          PHL-ISA3        -
> TCP     -                                               -
> 1/15/2008 3:41:04 PM    64093   0       0       0       0x0
> ERROR_SUCCESS           0x0     Firewall        -       1/15/2008
> 10:41:04 AM     172.17.200.20   1723    PPTP Server     Initiated
> Connection      PPTP to PHL-UTILITY     216.204.20.170
> External
> Internal        -       -       0x0
> 
> 
> I'm guessing that since this is only happening to this one person,
it's
> something to do with his computer. But if we can figure out what it is
> by using the firewall, that's OK with me.
> 
> Thanks for your help,
> Rob
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx]
> On Behalf Of Jim Harrison
> Sent: Tuesday, January 15, 2008 9:20 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: VPN Client Connection Problem
> 
> http://www.ISAserver.org
> -------------------------------------------------------
> 
> Yano - you did.
> I guess I'm just getting to the point where I overlook "PPTP"
> 
> Still; a look at the relevant log entries (start from "initiate")
would
> help a lot.
> Even better would be network captures from both sides of ISA (NetMon 3
> can do this).
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx]
> On Behalf Of Rob Moore
> Sent: Tuesday, January 15, 2008 6:02 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: VPN Client Connection Problem
> 
> http://www.ISAserver.org
> -------------------------------------------------------
> 
> I did mention in my original post that it was PPTP.
> 
> Rob
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: Monday, January 14, 2008 10:39 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: VPN Client Connection Problem
> 
> http://www.ISAserver.org
> -------------------------------------------------------
> 
> I'll bet a dollar it's a PPTP VPN :)
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx]
> On Behalf Of Jim Harrison
> Sent: Monday, January 14, 2008 8:07 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: VPN Client Connection Problem
> 
> http://www.ISAserver.org
> -------------------------------------------------------
> 
> Can you include a couple of the log entries that indicate this
traffic?
> "VPN" is too vague; is this IPSec, PPTP, SSL-VPN..?
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx]
> On Behalf Of Rob Moore
> Sent: Monday, January 14, 2008 1:33 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] VPN Client Connection Problem
> 
> Hello all-
> 
> ISA 2006 Standard
> 
> Windows Server 2003
> 
> I've got an odd problem. I have a guy using a Mac trying to connect to
> my VPN server. (The VPN server is a Windows server running behind the
> ISA server. It's a PPTP VPN.) When he tries to connect, he gets this
> error message: "The connection was terminated by the communication
> device. Please verify your settings and try again". We've tried
> recreating his VPN connector. We've tried connecting wired and
wireless
> and from several different locations. I've also successfully connected
> to the VPN server using his account but from different computers, both
> Mac and PC.
> 
> When I monitor my own successful connection attempt on the firewall, I
> get a single message that says the connection was initiated. When I
> monitor his unsuccessful connection attempt, I get three entries.
First
> it says the connection was initiated. Then it says the connection was
> closed. Then I get a "Denied" entry in which it appears the ISA server
> is trying to send the request to the public IP address of the VPN
> server. The error is "0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED."
> 
> I've tried Googling it and gotten a lot of stuff, some of it ISA
> related, some of it not. I also looked some in the archives of this
> list.
> 
> Can anyone point me in the right direction?
> 
> Thanks,
> 
> Rob
> 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> 
> Rob Moore
> 
> Network Manager
> 
> 215-241-7870
> 
> Help Desk: 800-500-AFSC
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

• References:
  • [isalist] Re: VPN Client Connection Problem
    • From: Thomas W Shinder
  • [isalist] Re: VPN Client Connection Problem
    • From: Rob Moore
  • [isalist] Re: VPN Client Connection Problem
    • From: Jim Harrison
  • [isalist] Re: VPN Client Connection Problem
    • From: Rob Moore
  • [isalist] Re: VPN Client Connection Problem
    • From: Jim Harrison
  • [isalist] Re: VPN Client Connection Problem
    • From: Rob Moore
  • [isalist] Re: VPN Client Connection Problem
    • From: Thor (Hammer of God)

Other related posts:

• » [isalist] VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem
• » [isalist] Re: VPN Client Connection Problem

1. Home
2. isalist
3. Archive
4. 01-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---