Hi Tom, that was also my first thought but the empty rule column and 'FWX_E_NETWORK_RULES_DENIED' bothered me... ;-) Thanks, Stefaan -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: donderdag 5 januari 2006 22:38 To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN Client cannot RDP to server on LAN http://www.ISAserver.org Hi Stefaan, Good idea, but I thought this was unlikely because there is a default Network Rule in place, so you don't need to create it. Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxxxx] > Sent: Thursday, January 05, 2006 2:38 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: VPN Client cannot RDP to server on LAN > > http://www.ISAserver.org > > Hi Danny, > > Because the rule column is empty, check out if there is a > *network* rule > defined for the commmunication between the VPN clients and the > Internal network? > > HTH, > Stefaan > > -----Original Message----- > From: Danny [mailto:nocmonkey@xxxxxxxxx] > Sent: donderdag 5 januari 2006 20:19 > To: [ISAserver.org Discussion List] > Subject: [isalist] VPN Client cannot RDP to server on LAN > > http://www.ISAserver.org > > ISA 2004 SP1 on Win2003 STD SP1, just activated PPTP VPN through ISA > mgmt console, created Access/Allow rule (there are no pre-existing > deny rules - except for the default) for all Outbound protocols, From > VPN Clients, To All Protected Networks, All users, yet an RDP > connection to a server on the LAN is denied (see log below). I can > RDP to the ISA server, but just not other servers. > > The odd part, in the firewall log, the rule column is empty, whereas > most denies occurd due to the Default Deny Rule. > > Any assistance would be much appreciated. > > <Excuse the line wrap> > > Original Client IP Client Agent Authenticated Client Service Server > Name Referring Server Destination Host Name Transport MIME Type Object > Source Source Proxy Destination Proxy Bidirectional Client Host Name > Filter Information Network Interface Raw IP Header Raw Payload Source > Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status > Code Cache Information Error Information Log Record Type Log Time > Destination IP Destination Port Protocol Action Rule Client IP Client > Username Source Network Destination Network HTTP Method URL > 192.168.1.130 MS-ISA - TCP - - > 1396 0 0 0 0xc0040012 FWX_E_NETWORK_RULES_DENIED 0x0 0x0 Firewall > 05/01/2006 > 1:55:25 PM > 192.168.1.253 3389 RDP (Terminal Services) Denied Connection > 192.168.1.130 VPN Clients Internal - - 192.168.1.130 MS-ISA - TCP - - > 1396 0 0 0 > 0xc0040012 FWX_E_NETWORK_RULES_DENIED 0x0 0x0 Firewall > 05/01/2006 1:55:28 PM > 192.168.1.253 3389 RDP (Terminal Services) Denied Connection > 192.168.1.130 VPN Clients Internal - - >