[isalist] Re: VPN over the net

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 22 Mar 2006 18:27:54 -0800

http://www.ISAserver.org
-------------------------------------------------------

Could be - we need to see what's inside the packets; not just a text summary. 


-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thomas W Shinder
Sent: Wednesday, March 22, 2006 18:22
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN over the net

Bingo:
"98", "22.160985", "206.248.138.108", "67.69.15.20", "TCP", "60637 > pptp [RST, 
ACK] Seq=373 Ack=213 Win=0 Len=0"
 
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls

 


________________________________

        From: isalist-bounce@xxxxxxxxxxxxx 
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
        Sent: Wednesday, March 22, 2006 8:14 PM
        To: isalist@xxxxxxxxxxxxx
        Subject: RE: [isalist] Re: VPN over the net
        
        
        Here is a dump off the ISA server just taken now using Ethereal. This 
time I just used the access rule I created for PPTP and L2PT which gave me the 
619 error machine. I looked it up and several sites say that you need to have 
port 1723 option and protocol #47 GRE as well. I don't see any GRE in ISA's 
protocol list so I am not sure if it's open by default or not. 
         
        "77", "20.354517", "206.248.138.108", "67.69.15.20", "TCP", "60637 > 
pptp [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1412"
        "78", "20.356294", "67.69.15.20", "206.248.138.108", "TCP", "pptp > 
60637 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460"
        "79", "20.708283", "206.248.138.108", "67.69.15.20", "TCP", "60637 > 
pptp [ACK] Seq=1 Ack=1 Win=65535 Len=0"
        "80", "20.711863", "206.248.138.108", "67.69.15.20", "PPTP", 
"Start-Control-Connection-Request"
        "81", "20.719783", "67.69.15.20", "206.248.138.108", "PPTP", 
"Start-Control-Connection-Reply"
        "82", "21.109566", "206.248.138.108", "67.69.15.20", "PPTP", 
"Outgoing-Call-Request"
        "83", "21.133715", "67.69.15.20", "206.248.138.108", "PPTP", 
"Outgoing-Call-Reply"
        "84", "21.489766", "206.248.138.108", "67.69.15.20", "PPTP", 
"Set-Link-Info"
        "85", "21.492862", "206.248.138.108", "67.69.15.20", "PPP LCP", 
"Configuration Request"
        "86", "21.514942", "67.69.15.20", "206.248.138.108", "PPP LCP", 
"Configuration Request"
        "87", "21.515068", "67.69.15.20", "206.248.138.108", "PPP LCP", 
"Configuration Ack"
        "88", "21.687898", "67.69.15.20", "206.248.138.108", "TCP", "pptp > 
60637 [ACK] Seq=189 Ack=349 Win=65187 Len=0"
        "89", "21.881650", "206.248.138.108", "67.69.15.20", "PPP LCP", 
"Configuration Reject"
        "90", "21.881897", "67.69.15.20", "206.248.138.108", "PPP LCP", 
"Configuration Request"
        "91", "21.982027", "206.248.138.108", "67.69.15.20", "GRE", 
"Encapsulated PPP"
        "92", "22.088583", "206.248.138.108", "67.69.15.20", "PPP LCP", 
"Configuration Ack"
        "93", "22.089048", "67.69.15.20", "206.248.138.108", "PPTP", 
"Set-Link-Info"
        "94", "22.090538", "206.248.138.108", "67.69.15.20", "PPP LCP", 
"Identification"
        "95", "22.090965", "206.248.138.108", "67.69.15.20", "PPP LCP", 
"Identification"
        "96", "22.092652", "206.248.138.108", "67.69.15.20", "PPTP", 
"Set-Link-Info"
        "97", "22.102192", "67.69.15.20", "206.248.138.108", "PPP CHAP", 
"Challenge"
        "98", "22.160985", "206.248.138.108", "67.69.15.20", "TCP", "60637 > 
pptp [RST, ACK] Seq=373 Ack=213 Win=0 Len=0"
         
        Regards,
        Andrew


All mail to and from this domain is GFI-scanned.

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 03-2006