Re: Bizzare ISA2004 VPN Issues, Please help

From: Eric Sun [MSFT] (v-ericsu_at_online.microsoft.com)
Date: 09/24/04 

Date: Fri, 24 Sep 2004 14:20:37 GMT

Hi Zane,

Thanks for your great information. Below is my research result and followed by action plan

1. From the screenshot of port lists, we can see the PPTP are not listed and L2TP is listed as 'Used by' 'RAS/Routing'.
>From the screenshot of port properties, we can the PPTP are 'used by' 'RAS' and L2TP are used by 'None' (which should not be
listed in the port list with 'None' .)

Action Plan: In the port properties, click PPTP and click configure button. Check the following two check box.

'Remote access connections (inbound only)'
'Demand-dial routing connections' (inbound and outbound)'

Click L2TP and click configure button. Then Uncheck the above two check box

Refresh the port list. What's the result now?

2. If the problem persists, I think the RRAS service may have crashed. Please reinstall the RRAS service in the Add/Remove
program. Reconfigure the VPN. What's the result?

3. After check your ISA information and configuration, I do not find evident errors. I suggest you to disable the ISA
service and directly use the RRAS service to serve as VPN. What's the result? We need to know that the RRAS service is good so
that we can concentrate on the ISA and continue the troubleshooting.

Thanks for your time and I look forward to your reply.

Best Regards,

Eric Sun,
MCSE2000 / MSCA / MCDBA
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------
| From: "Z D" <nospam@nospam.com>
| References: <ea6OWGNoEHA.1608@TK2MSFTNGP15.phx.gbl> <jMLshSVoEHA.2640@cpmsftngxa06.phx.gbl>
| Subject: Re: Bizzare ISA2004 VPN Issues, Please help
| Date: Thu, 23 Sep 2004 15:13:42 -0400
| Lines: 130
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| Message-ID: <#yTToGaoEHA.324@TK2MSFTNGP11.phx.gbl>
| Newsgroups: microsoft.public.isa
| NNTP-Posting-Host: cpe0006258c9fd4-cm000039948c5e.cpe.net.cable.rogers.com 69.196.101.145
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.isa:50906
| X-Tomcat-NG: microsoft.public.isa
|
| Hi Eric,
|
| I've sent you all the info in an email earlier this morning. Hopefully you
| will be able to make some sense of what's going on!
|
| thanks
| -ZD
|
|
| ""Eric Sun [MSFT]"" <v-ericsu@online.microsoft.com> wrote in message
| news:jMLshSVoEHA.2640@cpmsftngxa06.phx.gbl...
| > Hi,
| >
| > After testing, I cannot reproduce the problem, if 'Enable VPN Client'
| > wizard was run, 5 PPTP ports should be created in RRAS
| > automatically.
| >
| > I would suggest the following:
| >
| > I. Disable VPN in ISA console.
| >
| > 1. Open ISA Manament.
| > 2. Click VPN node
| > 3. CLick 'Verify that VPN client is enabled'
| > 4. Uncheck the 'Enable the VPN client access' option
| > 5 CLick OK
| > 6 CLick apply
| >
| > II. Disable RRAS.
| >
| > 1. Open RRAS console
| > 2. Right click Server and click All Task -> Stop
| >
| > III. Enable VPN access with only PPTP.
| >
| > 1. Open ISA Manament.
| > 2. Click VPN node
| > 3. CLick 'Verify that VPN client is enabled'
| > 4. Check the 'Enable the VPN client access' option
| > 5. In the protocol tab, please check PPTP option and uncheck L2TP option
| > 5 CLick OK
| > 6 CLick apply
| >
| > Are the ports created in RRAS? Could this issue be reproduced?
| >
| > If the problem persists, let's get the application & System event logs,
| > ISAINFO for ISA 2K4. to me at v-ericsu@microsoft.com
| >
| > 1) Download the file from the following URL:
| > http://www.isatools.org/isainfo/ISAInfo.zip
| > 2) Extract all files to a folder on ISA server
| > 3) Double click Isainfo.js. This will generate 2 files
| > ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-
| > name>.xml in the current folder.
| > 4) Please send these files to me.
| >
| > Hope that helps.
| >
| > Best Regards,
| >
| > Eric Sun,
| > MCSE2000 / MSCA / MCDBA
| > Microsoft Online Partner Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > When responding to posts, please "Reply to Group" via
| > your newsreader so that others may learn and benefit
| > from your issue.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no rights
| > --------------------
| > | From: "Z D" <nospam@nospam.com>
| > | Subject: Bizzare ISA2004 VPN Issues, Please help
| > | Date: Wed, 22 Sep 2004 14:24:19 -0400
| > | Lines: 28
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| > | X-RFC2646: Format=Flowed; Original
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| > | Message-ID: <ea6OWGNoEHA.1608@TK2MSFTNGP15.phx.gbl>
| > | Newsgroups: microsoft.public.isa,microsoft.public.isa.vpn
| > | NNTP-Posting-Host:
| > cpe0006258c9fd4-cm000039948c5e.cpe.net.cable.rogers.com 69.196.101.145
| > | Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
| > | Xref: cpmsftngxa06.phx.gbl microsoft.public.isa.vpn:5113
| > microsoft.public.isa:50880
| > | X-Tomcat-NG: microsoft.public.isa
| > |
| > | Hello,
| > |
| > | I have some strange VPN behaviour with ISA2004.
| > |
| > | I have configured ISA 2004 to allow 5 VPN connections. I've only
| > allowed
| > | PPTP and not L2P/IPSEC.
| > |
| > | I have the necessary secuirty permissions for the client dialing in.
| > |
| > | When the client tries to VPN in, I get Error 800. When I view the
| > ISA2004
| > | realtime logs, it says "Protocol: PPTP, Action: Failed Connection
| > Attempt,
| > | Rule: Allow VPN Traffic to ISA Server".
| > |
| > | I couldn't figure out what was going on so I manually went into RRAS to
| > | double check the settings that ISA2004 should have configured in it.
| > | I noticed that there are only L2P ports available (WAN Miniport
| > | (L2P)(VPN4-...) )!!! No PPTP ports are configured!!
| > |
| > | So, I went back to ISA 2004 and I can see for sure that PPTP is selected
| > and
| > | L2P/IPSEC is NOT selected. SO, what is going on? Why isn't ISA putting
| > the
| > | correct info into RRAS? Is it a bug?
| > |
| > |
| > | please advise, thanks!
| > |
| > | -ZD
| > |
| > |
| > |
| >
| >
|
|
|