Hi Joseph, If there is a VPN fix, then go for it. There are a number of things that you bang your head up against from today until doomsday, but if there is something that indicates a hotfix will work, you might want to take advantage of it. I seem to recall, in the distant recesses of my aged memory, that there was a problem like this with PPTP, but was fixed when using L2TP/IPSec. This was ISA 2000. It might have been fixed in ISA2k SP2. When you say the NAT function on the router is turned off, are you saying that its just acting are a regular router, without traffic filtering at all? Also could be an MTU issue, but that *should* be affecting everyone. What I'm trying to get at is there is a big playing field of possible problems and fixes. Would be worth the PSS call -- and I hate to give in like that, VPN connectivity issues are worth the call if you're not really jiggy with NetMon or Ethereal and interpreting the traces. HTH, Tom Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls **Who is John Galt?** ________________________________ From: Joseph Danielsen [mailto:JDanielsen@xxxxxxxxxxxxxxxx] Sent: Thursday, October 27, 2005 3:52 PM To: [ISAserver.org Discussion List] Subject: RE: [isalist] RE: VPN Clients - No PPTP traffic Tom: for every time you help - a beer is owed. Please pick them up soon, my truck is getting pretty heavy. 1) Thank you. 2) Same clients (as it seems). 3) The ISA has a Netopia DSL modem/router. NAT function has been turned off. It should be passing through all traffic without translation or inspection. 4) The IP addresses: 198.133.170.1, 167.206.5.250, 129.250.163.36, 147.208.132.198, 64.233.179.104 and more. *** Interesting find, if I execute a continuous ping from the client to the home server - the connection continues to work fine... so far *** I found a few articles - but the closet say to contact MS for a fix. Joseph Danielsen: MCSA-Messaging, MCP Network Blade Inc. 49 Marcy Street Somerset, NJ 08873 Phone: 732-259-0201 www.networkblade.com ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Thu 10/27/2005 4:31 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN Clients - No PPTP traffic http://www.ISAserver.org Hi Joseph, IIRC - If I recall correctly Are they always the same clients who drop off, or does it vary? Also, are there any devices, routers or NAT devices in front of the ISA firewalls? What address is generating the all port scan attack? I usually ignore those warnings, but since something is happening here, it worth checking it out. Tom Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls **Who is John Galt?** ________________________________ From: Joseph Danielsen [mailto:JDanielsen@xxxxxxxxxxxxxxxx] Sent: Thursday, October 27, 2005 2:55 PM To: [ISAserver.org Discussion List] Subject: RE: [isalist] RE: VPN Clients - No PPTP traffic Thanks Tom! I will continue to look for a KB that will help. (what does IIRC mean?) Clients are all XP pro and one 2k Pro using Outlook 2002 (updated and patched). Neither ISA shows anything in the System / Application event logs ...... except for a crap load of :15105 notices "ISA Server detected an all port scan attack from Internet Protocol (IP) address x.x.x.x" Should I be doing something with these source IP addresses? Joseph Danielsen: MCSA-Messaging, MCP Network Blade Inc. 49 Marcy Street Somerset, NJ 08873 Phone: 732-259-0201 www.networkblade.com ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Thu 10/27/2005 3:40 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN Clients - No PPTP traffic http://www.ISAserver.org Hi Joseph, It could be the client operating systems. I recall a KB article that mentioned a fix for PPTP connections that dropped early -- but IIRC, the drops took place after a minute or two. What client OS's are they using? The Event Viewer on the VPN server usually says why the connection was dropped, if the VPN server was aware of the droppage. Tom Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls **Who is John Galt?** ________________________________ From: Joseph Danielsen [mailto:JDanielsen@xxxxxxxxxxxxxxxx] Sent: Thursday, October 27, 2005 2:31 PM To: [ISAserver.org Discussion List] Subject: VPN Clients - No PPTP traffic I am at a remote site - inwhich which all users connect to the main office via individual VPN clients (temp situation for next 2 months). After approx 20 minutes, no traffic seems to go through the PPTP tunnel. If I disconnect, then re-connect all works well. I don't know if one of the ISA boxes are to blame. My laptop is also connected to the main office, with the same applications opened and I have no problems. Main Office Firewall: Windows 2003, ISA 2004. Remote Office Firewall: Windows 2003, ISA 2000. Help! Please Help! ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jdanielsen@xxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jdanielsen@xxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx