http://www.ISAserver.org ------------------------------------------------------- Jim, I've sealed my assessment in a plain white envelope. I've seen this before. Its even in the book, although I didn't include the capture. :) Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: Wednesday, March 22, 2006 8:27 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: VPN over the net > > http://www.ISAserver.org > ------------------------------------------------------- > > Please send the actual capture. > ..to me offline if you must, but send it? > > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English > Sent: Wednesday, March 22, 2006 18:14 > To: isalist@xxxxxxxxxxxxx > Subject: RE: [isalist] Re: VPN over the net > > Here is a dump off the ISA server just taken now using > Ethereal. This time I just used the access rule I created for > PPTP and L2PT which gave me the 619 error machine. I looked > it up and several sites say that you need to have port 1723 > option and protocol #47 GRE as well. I don't see any GRE in > ISA's protocol list so I am not sure if it's open by default or not. > > "77", "20.354517", "206.248.138.108", "67.69.15.20", "TCP", > "60637 > pptp [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1412" > "78", "20.356294", "67.69.15.20", "206.248.138.108", "TCP", > "pptp > 60637 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460" > "79", "20.708283", "206.248.138.108", "67.69.15.20", "TCP", > "60637 > pptp [ACK] Seq=1 Ack=1 Win=65535 Len=0" > "80", "20.711863", "206.248.138.108", "67.69.15.20", "PPTP", > "Start-Control-Connection-Request" > "81", "20.719783", "67.69.15.20", "206.248.138.108", "PPTP", > "Start-Control-Connection-Reply" > "82", "21.109566", "206.248.138.108", "67.69.15.20", "PPTP", > "Outgoing-Call-Request" > "83", "21.133715", "67.69.15.20", "206.248.138.108", "PPTP", > "Outgoing-Call-Reply" > "84", "21.489766", "206.248.138.108", "67.69.15.20", "PPTP", > "Set-Link-Info" > "85", "21.492862", "206.248.138.108", "67.69.15.20", "PPP > LCP", "Configuration Request" > "86", "21.514942", "67.69.15.20", "206.248.138.108", "PPP > LCP", "Configuration Request" > "87", "21.515068", "67.69.15.20", "206.248.138.108", "PPP > LCP", "Configuration Ack" > "88", "21.687898", "67.69.15.20", "206.248.138.108", "TCP", > "pptp > 60637 [ACK] Seq=189 Ack=349 Win=65187 Len=0" > "89", "21.881650", "206.248.138.108", "67.69.15.20", "PPP > LCP", "Configuration Reject" > "90", "21.881897", "67.69.15.20", "206.248.138.108", "PPP > LCP", "Configuration Request" > "91", "21.982027", "206.248.138.108", "67.69.15.20", "GRE", > "Encapsulated PPP" > "92", "22.088583", "206.248.138.108", "67.69.15.20", "PPP > LCP", "Configuration Ack" > "93", "22.089048", "67.69.15.20", "206.248.138.108", "PPTP", > "Set-Link-Info" > "94", "22.090538", "206.248.138.108", "67.69.15.20", "PPP > LCP", "Identification" > "95", "22.090965", "206.248.138.108", "67.69.15.20", "PPP > LCP", "Identification" > "96", "22.092652", "206.248.138.108", "67.69.15.20", "PPTP", > "Set-Link-Info" > "97", "22.102192", "67.69.15.20", "206.248.138.108", "PPP > CHAP", "Challenge" > "98", "22.160985", "206.248.138.108", "67.69.15.20", "TCP", > "60637 > pptp [RST, ACK] Seq=373 Ack=213 Win=0 Len=0" > > Regards, > Andrew > > All mail to and from this domain is GFI-scanned. > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx