http://www.ISAserver.org ------------------------------------------------------- OK, that's true. I can't say for sure without the actual capture, but if you combine the following: 1. Clueless admin 2. Pattern seen in the capture 3. Reported error I have a guess that fits within a 95% confidence interval. Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: Wednesday, March 22, 2006 8:28 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: VPN over the net > > http://www.ISAserver.org > ------------------------------------------------------- > > Could be - we need to see what's inside the packets; not just > a text summary. > > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder > Sent: Wednesday, March 22, 2006 18:22 > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: VPN over the net > > Bingo: > "98", "22.160985", "206.248.138.108", "67.69.15.20", "TCP", > "60637 > pptp [RST, ACK] Seq=373 Ack=213 Win=0 Len=0" > > > Thomas W Shinder, M.D. > Site: www.isaserver.org <http://www.isaserver.org/> > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP > -- ISA Firewalls > > > > > ________________________________ > > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English > Sent: Wednesday, March 22, 2006 8:14 PM > To: isalist@xxxxxxxxxxxxx > Subject: RE: [isalist] Re: VPN over the net > > > Here is a dump off the ISA server just taken now using > Ethereal. This time I just used the access rule I created for > PPTP and L2PT which gave me the 619 error machine. I looked > it up and several sites say that you need to have port 1723 > option and protocol #47 GRE as well. I don't see any GRE in > ISA's protocol list so I am not sure if it's open by default or not. > > "77", "20.354517", "206.248.138.108", "67.69.15.20", > "TCP", "60637 > pptp [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1412" > "78", "20.356294", "67.69.15.20", "206.248.138.108", > "TCP", "pptp > 60637 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460" > "79", "20.708283", "206.248.138.108", "67.69.15.20", > "TCP", "60637 > pptp [ACK] Seq=1 Ack=1 Win=65535 Len=0" > "80", "20.711863", "206.248.138.108", "67.69.15.20", > "PPTP", "Start-Control-Connection-Request" > "81", "20.719783", "67.69.15.20", "206.248.138.108", > "PPTP", "Start-Control-Connection-Reply" > "82", "21.109566", "206.248.138.108", "67.69.15.20", > "PPTP", "Outgoing-Call-Request" > "83", "21.133715", "67.69.15.20", "206.248.138.108", > "PPTP", "Outgoing-Call-Reply" > "84", "21.489766", "206.248.138.108", "67.69.15.20", > "PPTP", "Set-Link-Info" > "85", "21.492862", "206.248.138.108", "67.69.15.20", > "PPP LCP", "Configuration Request" > "86", "21.514942", "67.69.15.20", "206.248.138.108", > "PPP LCP", "Configuration Request" > "87", "21.515068", "67.69.15.20", "206.248.138.108", > "PPP LCP", "Configuration Ack" > "88", "21.687898", "67.69.15.20", "206.248.138.108", > "TCP", "pptp > 60637 [ACK] Seq=189 Ack=349 Win=65187 Len=0" > "89", "21.881650", "206.248.138.108", "67.69.15.20", > "PPP LCP", "Configuration Reject" > "90", "21.881897", "67.69.15.20", "206.248.138.108", > "PPP LCP", "Configuration Request" > "91", "21.982027", "206.248.138.108", "67.69.15.20", > "GRE", "Encapsulated PPP" > "92", "22.088583", "206.248.138.108", "67.69.15.20", > "PPP LCP", "Configuration Ack" > "93", "22.089048", "67.69.15.20", "206.248.138.108", > "PPTP", "Set-Link-Info" > "94", "22.090538", "206.248.138.108", "67.69.15.20", > "PPP LCP", "Identification" > "95", "22.090965", "206.248.138.108", "67.69.15.20", > "PPP LCP", "Identification" > "96", "22.092652", "206.248.138.108", "67.69.15.20", > "PPTP", "Set-Link-Info" > "97", "22.102192", "67.69.15.20", "206.248.138.108", > "PPP CHAP", "Challenge" > "98", "22.160985", "206.248.138.108", "67.69.15.20", > "TCP", "60637 > pptp [RST, ACK] Seq=373 Ack=213 Win=0 Len=0" > > Regards, > Andrew > > > All mail to and from this domain is GFI-scanned. > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx