RE: VPN/ISA 2004 issue after SP1 install on sbs2003



Hi Colin,

Thanks for your reply.

I am sorry for the delayed response due to the weekend. Please understand that
the newsgroups are staffed weekdays by Microsoft Support professionals to
answer your systems and applications questions. Your understanding is
greatly appreciated!

To narrow down the problem, would you please help me confirm if you have
followed the steps to create the VPN from router to ISA 2004?

1. Create a new Remote site Network.
2. Create a Network Rule that Defines the Route Relationship Between the
Main and Branch Office.
3. Create Access Rules Allowing Traffic from the Main Office to the Branch
Office and from Branch Office to Main Office.

You can also refer to the steps from "Run the remote site wizard on the ISA
firewall" section to the end section listed in the following document:

Configuring a Site to Site VPN between an 2004 ISA firewall and ISA Server
2000 (v1.2)
http://www.isaserver.org/articles/2004s2s2000.html

More information:

Establishing an IPSec site-to-site tunnel between an ISA 2004 Firewall and
a D-Link DI-804HV IPSec VPN Router
http://www.isaserver.org/articles/2004isadlink.html

If you have done so, would you please help me collect the following
information?

1. Collect the ISA info:

1) Download the file from the following URL:

http://www.isatools.org/isainfo/ISAInfo.zip

2) Extract all files to a folder on ISA server
3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.
4) Please send these files to me at v-crinal@xxxxxxxxxxxxxx

2. Please also help to gather the ISA logs:

1) Schedule a down time.
2) Open ISA 2004 management console.
3) Expand the server node and highlight 'Monitoring'.
4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
Pane' is shown there.
5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.
6) Switch to the 'Fields' tab, click 'Select All', and then click OK.
7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.
8) Switch to the 'Fields' tab, click 'Select All', and then click OK.
9) Click 'Apply' to save changes and update the configuration.
10) Temporarily disable the Firewall service. To do that, please click
Monitoring | Services tab, and then right click 'Microsoft Firewall' to
choose 'Stop'.
11) Clear the current existing W3C logs. To do that, go to the log saving
directory and clean any existing .W3C logs. By default, the logs will be
saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF files
may not be able to be deleted, that's normal.) You may back them up first
and then delete them.
12) Go back to the ISA 2004 management console, and then Start the stopped
'Microsoft Firewall' service.
13) Reproduce the problem (initiate an SQL access), stop the service, and
then gather the resulting W3C files to me for analysis.

I appreciate your time and look forward to hearing from you.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "cdlaurie" <CLAURIE@xxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: VPN/ISA 2004 issue after SP1 install on sbs2003
| Date: 22 Dec 2005 04:33:38 -0800
| Organization: http://groups.google.com
|
|
| I am having issues with 2 remote sites connecting to sbs2003 premium
| after installing sp1 which as you know has upgraded isa.
|
| The sites are connected to head office external nic using Draytek 2600
| routers, using pptp vpn. The head office has sbs2003 with ISA 2004.
| The client pc's in the branch offices seem to have intermittent
| connection and upon looking in event logs on sbs, there are numerous
| events which are appearing every 30 seconds (see below).
|
| The 2 branch offices use the 192.168.1.x & 192.168.2.x subnets and
| these are mentioned in the event logs.
| I have also noticed on the Draytek that the packets transferred between
| branch office and Head office are no longer encrypted (as they are
| normally shown in green). Furthermore the branch office routers are not
| transmitting packets but are not receiving any from SBS at the head
| office.
|
| I have performed various searches for the specific events and have
| found some info but not all appears relevant, the info that has been
| relevant I have tried but have had no success.
|
| Have any of you encountered such a scenario or point me in direction
| of some resources.
|
| Any help greatly appreciated!
|
| Colin
|
|
| The event logs are:
|
| Event Type: Warning
| Event Source: Microsoft Firewall
| Event Category: Packet filter
| Event ID: 15108
| Date: 22/12/2005
| Time: 11:06:13
| User: N/A
| Computer: SBS2003
| Description:
| ISA Server detected a spoof attack from Internet Protocol (IP) address
| 192.168.1.13. A spoof attack occurs when an IP address that is not
| reachable via the interface on which the packet was received. If
| logging for dropped packets is set, you can view details in the packet
| filter log.
|
| For more information, see Help and Support Center at
| http://go.microsoft.com/fwlink/events.asp.
|
| ---------------------------------
|
| Event Type: Error
| Event Source: Microsoft Firewall
| Event Category: None
| Event ID: 14147
| Date: 22/12/2005
| Time: 11:04:33
| User: N/A
| Computer: SBS2003
| Description:
| ISA Server detected routes through adapter Network Connection that do
| not correlate with the network element to which this adapter belongs.
| For best practice, the address range of an ISA Server network should
| match the address ranges routable through the associated network
| adapter as defined in the routing table. Otherwise valid packets may be
| dropped as spoofed. (This alert may occur momentarily when you create a
| remote site network. You may safely ignore this message if it does not
| reoccur.) The address ranges in conflict are:
| 192.168.1.0-192.168.2.255;.
|
| For more information, see Help and Support Center at
| http://go.microsoft.com/fwlink/events.asp.
|
|
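
The two event descriptions quoted above (14147 and 15108) describe one consistency check: address ranges routable through an adapter should match the ISA network that adapter belongs to, otherwise valid packets are dropped as spoofed. The following is an added example, not part of the original posts and not ISA Server's own code; it is a simplified model of that check, and the route list and network definition are constructed sample values.

```python
import ipaddress

def ip(n):
    return str(ipaddress.IPv4Address(n))

def cidrs_to_ranges(cidrs):
    """Turn route prefixes into merged, sorted (start, end) integer ranges."""
    spans = sorted((int(n.network_address), int(n.broadcast_address))
                   for n in map(ipaddress.ip_network, cidrs))
    merged = []
    for lo, hi in spans:
        if merged and lo <= merged[-1][1] + 1:      # overlapping or adjacent
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def uncorrelated(route_cidrs, network_cidrs):
    """Ranges routable through the adapter but missing from its network element."""
    net = cidrs_to_ranges(network_cidrs)
    gaps = []
    for lo, hi in cidrs_to_ranges(route_cidrs):
        cur = lo
        for nlo, nhi in net:
            if nhi < cur or nlo > hi:
                continue                            # no overlap with what is left
            if nlo > cur:
                gaps.append((cur, nlo - 1))         # uncovered stretch before it
            cur = max(cur, nhi + 1)
        if cur <= hi:
            gaps.append((cur, hi))                  # uncovered tail
    return [f"{ip(a)}-{ip(b)}" for a, b in gaps]

def is_spoofed(src, arrival_network_cidrs):
    """True when src is not in the network the receiving adapter belongs to."""
    addr = int(ipaddress.IPv4Address(src))
    return not any(lo <= addr <= hi
                   for lo, hi in cidrs_to_ranges(arrival_network_cidrs))

# Constructed sample data (not taken from the poster's server).
ROUTES_VIA_ADAPTER = ["192.168.16.0/24", "192.168.1.0/24", "192.168.2.0/24"]
NETWORK_ELEMENT = ["192.168.16.0/24"]   # hypothetical ISA network definition

if __name__ == "__main__":
    print("conflict:", uncorrelated(ROUTES_VIA_ADAPTER, NETWORK_ELEMENT))
    print("192.168.1.13 spoofed:", is_spoofed("192.168.1.13", NETWORK_ELEMENT))
```

With the sample data the conflicting range comes out in the same form as in the 14147 description, and it disappears once the branch subnets are included in the network definition that owns the adapter.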
