Re: Clients VPN through ISA 2004
From: Tristan Kington [MSFT] (tristank_at_online.microsoft.com)
Date: 10/26/04
- Next message: Chris Roberts: "Re: Clients VPN through ISA 2004"
- Previous message: Bill Blomgren [MSFT]: "Re: VPN from behind ISA 2004"
- In reply to: Chris Roberts: "Re: Clients VPN through ISA 2004"
- Next in thread: Chris Roberts: "Re: Clients VPN through ISA 2004"
- Reply: Chris Roberts: "Re: Clients VPN through ISA 2004"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 26 Oct 2004 23:21:40 +1000
VPN connections happen at a lower level than regular Winsock connections, so
the Firewall Client should be disabled while you try it.
Basically, VPN works at the SecureNAT client layer (IP layer - clients that
use ISA Server in line with their default gateway to the internet).
If you make your D.G. the internal IP of the ISA Server, you might have more
luck.
"Chris Roberts" <chris.roberts@robertsc.fsnet.co.uk> wrote in message
news:clldgp$m5$1@news7.svr.pol.co.uk...
> Thanks Tristan,
>
> I've tried creating a rule for any user, from internal to External, but no
> joy.
>
> I've tried monitoring the connection using the logging tab, with an open
> filter, but no traffic appears. I can see traffic from MSN and HTTP from
> the test client but nothing assosiated with VPN or the server that the VPN
> it's trying to connect to. I have a feeling that something is stopping the
> VPN protocol from getting to the ISA Server.
>
> I'm using the Firewall Client on the client machine, and am not sure
> whether or not that is something to do with it. I know it origionaly
> blocked all traffic from Outlook 2003 until I found a setting in
> Configuration\General\Configure Firewall Client Settings. I don't know if
> there is something similar for VPN.
>
> I don't suppose anyone has any ideas of what could be stopping this?
>
> Many thanks in advance
>
> Chris
>
> "Tristan Kington [MSFT]" <tristank@online.microsoft.com> wrote in message
> news:eXqY8rzuEHA.4084@TK2MSFTNGP10.phx.gbl...
>> It definitely works for me at home, but I don't use authentication in my
>> ruleset there.
>>
>> I believe that if you create a rule that allows the VPN protocol (eg,
>> PPTP) you're using to the destination, unauthenticated (eg, applies to
>> All Users or a client set, not a domain user), that it'll probably work.
>>
>> You can work out why something's failing using ISA's monitoring
>> interface, Logging tab. Hit start, and watch while a client makes a
>> connection.
>>
>> --
>> http://blogs.msdn.com/tristank/
>> --
>> This post is provided AS-IS, and confers no warranty.
>>
>>
>> "Chris Roberts" <chris.roberts@robertsc.fsnet.co.uk> wrote in message
>> news:clkukk$gu1$1@newsg1.svr.pol.co.uk...
>>> Does any one know how I can configure ISA 2004 to let clients on my
>>> local
>>> network VPN out through the ISA server to other servers that do not use
>>> ISA.
>>> I've attempted to describe the schema bellow
>>>
>>>
>>> Clients attempting to VPN (Local Network) > ISA 2004 > Internet > VPN
>>> Server
>>>
>>> Many thanks
>>>
>>> Chris
>>> chris.roberts@optima-ws.com
>>>
>>>
>>
>>
>
>
- Next message: Chris Roberts: "Re: Clients VPN through ISA 2004"
- Previous message: Bill Blomgren [MSFT]: "Re: VPN from behind ISA 2004"
- In reply to: Chris Roberts: "Re: Clients VPN through ISA 2004"
- Next in thread: Chris Roberts: "Re: Clients VPN through ISA 2004"
- Reply: Chris Roberts: "Re: Clients VPN through ISA 2004"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
