VPN issues
- From: "Sonny Mulitalo" <SonnyM@xxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 4 Sep 2003 16:19:42 +1200
Hi,
I am having trouble getting a stable connection between 2 networks
connected via RRAS. Network A has RRAS configured on a Machine with ISA
installed on it. Network B also has RRAS configured on a machine with
ISA installed on it as well. Network B is a Subnet in the same domain as
Network A.
In network B, Laptops connect to resources in Network A via A VPN
through the internet between RRAS Server in Network A and RRAS server in
Network B. However, one of the Laptop has XP Home Edition installed on
it so therefore cannot login to a Domain. To get around this limitation,
a VPN client is created on the Laptop with XP Home Edition terminating
at the RRAS in Network B so that it can be authenticated on the Domain
and access all resources available. This will work fine so long as ISA
server firewall service is disabled. On the other hand if the ISA
firewall service is enabled and running, this will still work but very
unstable. The following error message is reported together with
microsofts proposed solution while the VPN connection is up while the
ISA firewall service is running. This error only occurs on the RRAS
server in Network B.
ISA Error Message:
Description: Failed to create the Internet Protocol (IP) packet filter.
For more information about this event, see ISA Server Help.
Microsoft Solution:
Event ID14123
Event Message
Failed to create the Internet Protocol (IP) packet filter. For more
information about this event, see ISA Server Help.
Explanation
A static packet filter could not be created. System configuration might
be incorrect, and the service might have attempted to create the filter
for an external remote host on an ISA Server internal interface, due to
incorrect configuration for default routing. Otherwise, memory resources
might be low.
User Action
For system configuration problems, check the Local Address Table (LAT)
configuration, run ipconfig/all to check TCP/IP configuration, and run
Route -Print to obtain a list of registered, persistent routes. To check
the LAT, in the ISA Management console tree, click Servers and Arrays,
click Name, click Network Configuration, and then click Local Address
Table. For low memory resources, close other applications or stop and
restart the services.
Route Table:
========================================================================
===
Active Routes:
Network Destination Netmask Gateway Interface
Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.254
1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
1
169.254.174.102 255.255.255.255 127.0.0.1 127.0.0.1
1
169.254.246.218 255.255.255.255 169.254.174.102 169.254.174.102
1
169.254.255.255 255.255.255.255 169.254.174.102 169.254.174.102
1
192.168.0.0 255.255.255.0 192.168.0.254 192.168.0.254
1
192.168.0.254 255.255.255.255 127.0.0.1 127.0.0.1
1
192.168.0.255 255.255.255.255 192.168.0.254 192.168.0.254
1
192.168.96.0 255.255.240.0 169.254.246.218 169.254.174.102
1
192.168.192.0 255.255.240.0 192.168.200.20 192.168.200.20
1
192.168.200.20 255.255.255.255 127.0.0.1 127.0.0.1
1
192.168.200.100 255.255.255.255 192.168.200.109 192.168.200.109
1
192.168.200.109 255.255.255.255 127.0.0.1 127.0.0.1
1
192.168.200.255 255.255.255.255 192.168.200.20 192.168.200.20
1
203.118.145.50 255.255.255.255 192.168.0.1 192.168.0.254
1
224.0.0.0 224.0.0.0 169.254.174.102 169.254.174.102
1
224.0.0.0 224.0.0.0 192.168.0.254 192.168.0.254
1
224.0.0.0 224.0.0.0 192.168.200.20 192.168.200.20
1
255.255.255.255 255.255.255.255 192.168.0.254 192.168.0.254
1
Default Gateway: 192.168.0.1
========================================================================
===
Persistent Routes:
The memory is only 50% utilized.
Any help is much Appreciated.
Regards,
Sonny Mulitalo
Other related posts:
