Re: Connecting to an external VPN



Ok, well the only option I see is this:

You said there was a DSL "router" involved,...well then there has to be a DSL
Modem involved too,..hopefully a separate "box" from the router. Get rid of
the "router" and plug the cable directly into the ISA's external Nic and
configure the IP specs on the ISA's external Nic to match what the external
interface of the "router" used to be.

These DSL "routers" are not really routers, they are just simple "low-buck"
hardware firewalls. When you use them in-line with ISA you are creating a
needless Back-to-Back DMZ and are also limiting your functionality to whatever
the home user "router" is capable of doing.

If the DSL is using PPPoE, then you will have to follow this:

How to configure a PPPoE connection in ISA Server 2006 or in ISA Server 2004
http://support.microsoft.com/kb/837830

There may be articles out there with details on working with users making
outbound VPN connections,...but I was unable to find any. Please keep in mind
that the *intent* is never to allow that. If you look at the following link:
VPN Concepts in ISA Server 2006
http://www.microsoft.com/technet/isa/2006/vpn.mspx

...and look right near the beginning it lists the two types of VPNs:

1. Remote Access VPN
2. Site-to-Site VPN

Neither of these is what you are doing. The first is a user initiated VPN but is
*inbound* from the outside. The second is a Site-to-Site between ISA itself and
another VPN Device or another ISA and is used to connect two networks together,
not connect users to networks.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------

"averied" <averied@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:07D518EA-452B-45A6-BD18-0983891D1A75@xxxxxxxxxxxxxxxx
Ok.. I would, but the VPN server is not mine.. it's our customers, and I'm
trying to connect to them.. the problem is with our ISA Server.. we don't
have any problem connecting to PPTP VPN servers, but this IPSec connection is
getting blocked..

"Phillip Windell" wrote:

Use PPTP

Since you are already creating a massive security hole by having users make
outbound VPN "calls" on their own,...the security difference between PPTP and
L2TP doesn't amount to squat.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------

"averied" <averied@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:75A27438-F953-460D-BE35-8862C4BECCC9@xxxxxxxxxxxxxxxx
Ok.. so still unable to connect..

There is no firewall client.. the client is SecureNAT..All protocols are
open by a firewall rule.. However, the connection still times out.. I can see
in the isalog that the connection is been established, it's an IKE client in
port 500 connection..

can this be a NAT-T problem??.. but anyway I used the registry fix I
mentioned above.. so this issue is driving me crazy.. I just need to fix
this.. please help!!

"Phillip Windell" wrote:

"averied" <averied@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8B5C12E0-E507-4E98-AB95-04E97301343C@xxxxxxxxxxxxxxxx
The client I'm using doesn't have any firewall client installed, windows
firewall is disabled, and I don't have any other firewall.. The default
gateway is pointing to my ISA server's internal NIC, so I suppose this makes

The Windows Firewall has nothing to do with the Firewall Client and it does not
disable anything. But leave the thing turned off until things work,..you just
can't leave that thing running when you are trying to troubleshoot things. I
never leave it running on anything anyway, I keep it disabled across the entire
LAN,...it only comes on when using the laptops outside away from the
Domain,...GPO controls that.

it a SecureNAT

Still something is missing, coz the same VPN connects if I don't make this
client pass through the ISA server.. any ideas???

No I have no other ideas.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------







