
Unable to contact VPN Server

Status
Not open for further replies.

clayndwoods

IS-IT--Management
Mar 12, 2005
92
US
I'm about to pull my hair out. I installed ISA Server 2004 on Windows Server 2003-R2. I have DHCP and DNS services running and configured as per ISA 2004 dox. As per the ISA 2004 how-to's I have the firewall rules set for (the <outside> label indicates the external adapter IP address for the ISA Server):
NAME - ACTION - PROTOCOLS - FROM/LISTEN - TO - CONDITION
1. VPN to Int - Allow - All Outbound - VPN Clients - Internal - AllUsers
2. DNS - Allow - DNS - DNS - External - AllUsers
3. VPN Publish - Allow - PPTP Server - All Networks - <outside>
4. Unrestrict - Allow - All Outbound - Internal - AllUsers
VPN Clients
5. Default - Deny - All Traffic - All Networks - All Users

I am attempting to do PPTP authenticated access only. I will eventually get to IPsec, etc. after this is running.

I can authenticate on the VPN service from inside, it gives me an IP address from its pool, DNS entries, the whole 9 yards. I can't contact the VPN service through the firewall. I seldom get any indication the traffic ever got to the adapter, except I know it is. All the rest of the traffic is getting there. This is regardless of whether I have a machine on the same switch, same subnet, one IP across, or I access from totally outside the router.

Everything else works fine, DNS caching, all other access, Web Server perimeter access, but I haven't tried FTP yet.

I've installed all the updates/service packs on the server, service packs on ISA (I think it's at SP2), and I have been through the dox about 8 times, and it seems everything is precisely as it should be.

I just can't VPN from external to internal. Any guesses?
 
Hmmm... Please check that your VPN listens on External ISA interface.



Victor K (Microsoft Consulting Services)
MCSA/MCSE:Security & Messaging;CNE;CCSE+;CIWSP;CIWSA;Network+;CCNA;nCSE
 
VPN, as implemented in the ISA, is a function of the external interface, which has to be properly defined or the other functions will not work at all. Consequently, there's no doubt the VPN function is "listening" on the external interface.

From the word "listen" I must assume that you are thinking I have an internal VPN server that I am attempting to "Publish", and I can see from one of my failed rules in my post where you would get that impression.

I got the whole thing working just fine now. I'll have to say, the documentation, both supplied and online, leaves a great deal to be desired, but at isaserver.org there is a vast amount of info, discussion, and some tutorials that are very informative.

Thanks for the suggestion.
 