Re: Unable to make VPN connection to ISA 2006 Standard

---

• From: "Jim Harrison \(ISA SE\)" <jmharr@xxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 8 Nov 2007 14:19:07 -0800

---

PPTP is not just "port 1723"; it's also IP:47 (NOT "port 47"), also known as
GRE.
If the routers in question don't allow IP:47, then PPTP can never succeed.
If the VPN clients are configured for "automatic" VPN protocol, they'll try
IPSec when PPTP fails and that's probably why you see IKE.

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"Mike Iles" <MikeIles@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6EBB2558-67BE-4F9A-8867-CC27D7A28A5A@xxxxxxxxxxxxxxxx
I'm tearing my hair out trying to get VPN client access to work on a
particular system. Its Server 2003 R2 with ISA 2006 Standard and I have
followed all the guidelines for providing VPN access (and I have done this
many times before).
The symptom is that the client times out trying to connect with the error
indicating the VPN server didn't respond. Monitoring at the ISA server you
see the PPTP connection established and a subsequent disconnection.
VPN is set to use DHCP and RRAS has successfully acquired a block of
addresses on starting. When the connection is initiated however, it doesn't
get as far as assigning an IP address to the internal interface. No events
logged and no other problems with ISA.

This is one of a pair of identical systems at two different sites and the
other works fine (using the same client pc too). They have the same routers,
identifically configured to ensure that port 1723 is passed.

Sometimes, but not always, between the PPTP connect and disconnect the ISA
log shows a failed access from External to Local host with the IKE client
(port 500). The source IP address is similar, but not the same as the client
PC. Adding a rule to pass this traffic still doesn't get a connection.

Any further troubleshooting tips welcome

.

---

• Follow-Ups:
  • Re: Unable to make VPN connection to ISA 2006 Standard
    • From: Mike Iles

• Prev by Date: Maybe someone here knows, SBS forum had no luck
• Next by Date: Re: Unable to make VPN connection to ISA 2006 Standard
• Previous by thread: Maybe someone here knows, SBS forum had no luck
• Next by thread: Re: Unable to make VPN connection to ISA 2006 Standard
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Outgoing VPN Error 619 ... Outbound VPN problem: ... Q1 - is the test client configured as SecureNET? ... Q2 - what do you find in the ISA logs for your tests? ... I've checked in local network rules and I do have a rule called VPN clients ... (microsoft.public.isa.vpn) RE: VPN timeouts ... I do not use ISA & was wondering if there is a configurable option on the ... You remote clients VPN connection will timeout while trying to connect SBS ... between remote client and SBS server which caused by lack of network ... (microsoft.public.windows.server.sbs) Re: Unable to make VPN connection to ISA 2006 Standard ... Router and the isa server this nat enabled, then the pptp tunnel will fail? ... If i initialize an vpn connection with a windows client, ... (microsoft.public.isa.vpn) RE: ISA2004 kills VPN outbound ... I understand that after you upgraded ISA 2000 to ISA ... 825763 How to configure Internet access in Windows Small Business Server ... Then, establish the VPN connection again, does it work this time? ... FW client and configure the client as a SecureNAT client. ... (microsoft.public.windows.server.sbs) Re: Outgoing VPN Error 619 ... With the outgoing PPTP VPN's I have that allow all rule but they are still ... PPTP clients are configured to use ISA as a hop to the Internet (SecureNET ... Neither a web proxy client nor a Firewall client host ... SecureNAT Clients while still trying to have Web and Firewall Client ... (microsoft.public.isa.vpn)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > ISA  > microsoft.public.isa.vpn  > 2007-11