Re: VPN/ISA 2004 issue after SP1 install on sbs2003




Hi Crina

It is Ian, a colleague of Colin, he is on holiday now and I am back
from holiday to try and fix this VPN problem!

To aid troubleshooting I have replicated the client's network with our
own SBS server which is the same as theirs (SBS 2003 Premium SP1 with
ISA 2004) and another Draytek router.

I have set up the Draytek and ISA 2004 from scratch following the same
procedure as used on the client's network with the addition that I
have used your method in steps 1-3 to set up the network, network
rules and access rules in ISA. I have read the two articles on
ISAserver.org and they helped me see how this worked. Unfortunately
they both seem to be the other way around from our situation where we
have the Draytek dialling in to the SBS and the articles seem to have
the ISA 2004 dialling *out*.

Anyway, it is set up and still does not work. I cannot ping from
either end. The Draytek sometimes shows the VPN connection as 'up' but
only for a few seconds at most. No packets are transferred.

So I will send you the details you ask for to your own email and hope
you can help!

Many thanks
Ian

On Mon, 26 Dec 2005 10:22:15 GMT, v-crinal@xxxxxxxxxxxxxxxxxxxx
("Crina Li") wrote:

>Hi Colin,
>
>Thanks for your reply.
>
>I am sorry for the delayed response due to weekend. Please understand that
>the newsgroups are staffed weekdays by Microsoft Support professionals to
>answer your systems and applications questions. Your understanding is
>greatly appreciated!
>
>To narrow down the problem, would you please help me confirm if you have
>followed the steps to create the VPN from router to ISA 2004?
>
>1. Create a new Remote site Network.
>2. Create a Network Rule that Defines the Route Relationship Between the
>Main and Branch Office.
>3. Create Access Rules Allowing Traffic from the Main Office to the Branch
>Office and from Branch Office to Main Office.
>
>You can also refer to the steps from "Run the remote site wizard on the ISA
>firewall" section to the end section listed in the following document:
>
>Configuring a Site to Site VPN between an 2004 ISA firewall and ISA Server
>2000 (v1.2)
>http://www.isaserver.org/articles/2004s2s2000.html
>
>More information:
>
>Establishing an IPSec site-to-site tunnel between an ISA 2004 Firewall and
>a D-Link DI-804HV IPSec VPN Router
>http://www.isaserver.org/articles/2004isadlink.html
>
>If you have done so, would you please help me collect the following
>information?
>
>1. Collect the ISA info:
>
>1) Download the file from the following URL:
>
> http://www.isatools.org/isainfo/ISAInfo.zip
>
>2) Extract all files to a folder on ISA server
>3) Double click Isainfo.js. This will generate 2 files
>ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
>current folder.
>4) Please send these files to me at v-crinal@xxxxxxxxxxxxxx
>
>2. Please also help to gather the ISA logs:
>
>1) Schedule a down time.
>2) Open ISA 2004 management console.
>3) Expand the server node and highlight 'Monitoring'.
>4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
>Pane' is shown there.
>5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
>Tasks', and then switch the 'log storage format' from 'MSDE database'
>(default) to 'File'.
>6) Switch to the 'Fields' tab, click 'Select All', and then click OK.
>7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
>Tasks', and then switch the 'log storage format' from 'MSDE database'
>(default) to 'File'.
>8) Switch to the 'Fields' tab, click 'Select All', and then click OK.
>9) Click 'Apply' to save changes and update the configuration.
>10) Temporarily disable the Firewall service. To do that, please click
>Monitoring | Services tab, and then right click 'Microsoft Firewall' to
>choose 'Stop'.
>11) Clear the current existing W3C logs. To do that, go to the log saving
>directory and clean any existing .W3C logs. By default, the logs will be
>saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF files may
>not be deletable; that's normal.) You may back them up first and then
>delete them.
>12) Go back to the ISA 2004 management console, and then Start the stopped
>'Microsoft Firewall' service.
>13) Reproduce the problem (initiate an SQL access), stop the service, and
>then gather the resulting W3C files to me for analysis.
>
>I appreciate your time and look forward to hearing from you.
>
>Best regards,
>
>Crina Li (MSFT)
>
>Microsoft CSS Online Newsgroup Support
>
>Get Secure! - www.microsoft.com/security
>
>=====================================================
>This newsgroup only focuses on SBS technical issues. If you have issues
>regarding other Microsoft products, you'd better post in the corresponding
>newsgroups so that they can be resolved in an efficient and timely manner.
>You can locate the newsgroup here:
>http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
>When opening a new thread via the web interface, we recommend you check the
>"Notify me of replies" box to receive e-mail notifications when there are
>any updates in your thread. When responding to posts via your newsreader,
>please "Reply to Group" so that others may learn and benefit from your
>issue.
>
>Microsoft engineers can only focus on one issue per thread. Although we
>provide other information for your reference, we recommend you post
>different incidents in different threads to keep the thread clean. In doing
>so, it will ensure your issues are resolved in a timely manner.
>
>For urgent issues, you may want to contact Microsoft CSS directly. Please
>check http://support.microsoft.com for regional support phone numbers.
>
>Any input or comments in this thread are highly appreciated.
>
>=====================================================
>
>This posting is provided "AS IS" with no warranties, and confers no rights.
>--------------------
>| From: "cdlaurie" <CLAURIE@xxxxxxxxxxxxxxxx>
>| Newsgroups: microsoft.public.windows.server.sbs
>| Subject: VPN/ISA 2004 issue after SP1 install on sbs2003
>| Date: 22 Dec 2005 04:33:38 -0800
>| Organization: http://groups.google.com
>|
>|
>| I am having issues with 2 remote sites connecting to sbs2003 premium
>| after installing sp1 which as you know has upgraded isa.
>|
>| The sites are connected to head office external NIC using Draytek 2600
>| routers, using PPTP VPN. The head office has sbs2003 with ISA 2004.
>| The client PCs in the branch offices seem to have intermittent
>| connection and upon looking in event logs on sbs, there are numerous
>| events which are appearing every 30 seconds (see below).
>|
>| The 2 branch offices use the 192.168.1.x & 192.168.2.x subnets and
>| these are mentioned in the event logs.
>| I have also noticed on the Draytek that the packets transferred between
>| branch office and Head office are no longer encrypted (as they are
>| normally shown in green). Furthermore the branch office routers are not
>| transmitting packets but are not receiving any from SBS at the head
>| office.
>|
>| I have performed various searches for the specific events and have
>| found some info but not all appears relevant, the info that has been
>| relevant I have tried but have had no success.
>|
>| Have any of you encountered such a scenario or point me in the direction
>| of some resources.
>|
>| Any help greatly appreciated!
>|
>| Colin
>|
>|
>| The event logs are:
>|
>| Event Type: Warning
>| Event Source: Microsoft Firewall
>| Event Category: Packet filter
>| Event ID: 15108
>| Date: 22/12/2005
>| Time: 11:06:13
>| User: N/A
>| Computer: SBS2003
>| Description:
>| ISA Server detected a spoof attack from Internet Protocol (IP) address
>| 192.168.1.13. A spoof attack occurs when an IP address that is not
>| reachable via the interface on which the packet was received. If
>| logging for dropped packets is set, you can view details in the packet
>| filter log.
>|
>| For more information, see Help and Support Center at
>| http://go.microsoft.com/fwlink/events.asp.
>|
>| ---------------------------------
>|
>| Event Type: Error
>| Event Source: Microsoft Firewall
>| Event Category: None
>| Event ID: 14147
>| Date: 22/12/2005
>| Time: 11:04:33
>| User: N/A
>| Computer: SBS2003
>| Description:
>| ISA Server detected routes through adapter Network Connection that do
>| not correlate with the network element to which this adapter belongs.
>| For best practice, the address range of an ISA Server network should
>| match the address ranges routable through the associated network
>| adapter as defined in the routing table. Otherwise valid packets may be
>| dropped as spoofed. (This alert may occur momentarily when you create a
>| remote site network. You may safely ignore this message if it does not
>| reoccur.) The address ranges in conflict are:
>| 192.168.1.0-192.168.2.255;.
>|
>| For more information, see Help and Support Center at
>| http://go.microsoft.com/fwlink/events.asp.
>|
>|
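Added example (editorial, not code from any post in this thread or from Microsoft): a small Python model of the two ISA rules behind the events Colin quoted. Event 15108 says a packet is dropped as spoofed when its source address is not reachable via the interface it arrived on; event 14147 says the address range of an ISA network element should match what the routing table sends through that element's adapter. The script models both rules from that event text and runs them over a constructed configuration. The element names, adapter names, address ranges and routing table are all assumptions chosen to reproduce the symptom on the page (one remote-site range spanning 192.168.1.0-192.168.2.255 while only one of the two /24s is actually routed over the VPN); ISA's real External network, RRAS interface naming and log formats are not modelled.

```python
"""Emulation of ISA Server 2004's anti-spoofing rule and its network/route
consistency check (the rules behind events 15108 and 14147 in this thread).

Not ISA code: both rules are modelled from the event text, and the network
elements, adapter names and routing table below are constructed for the
example.  Edit NETWORKS and ROUTES to match a real ISA console and 'route print'.
"""
from ipaddress import IPv4Address, IPv4Network, summarize_address_range
from typing import Dict, List, Optional, Tuple

# Constructed ISA network elements: name -> (adapter the element is bound to,
# inclusive address ranges as typed into the ISA console).  The "Branch"
# remote-site network deliberately uses one range spanning both branch subnets.
NETWORKS: Dict[str, Tuple[str, List[Tuple[str, str]]]] = {
    "Internal": ("LAN", [("10.0.0.0", "10.0.0.255")]),
    "Branch": ("VPN", [("192.168.1.0", "192.168.2.255")]),
}

# Constructed routing table as (destination, interface).  192.168.2.0/24 has no
# route over the VPN interface, so it falls through to the default route on WAN.
ROUTES: List[Tuple[str, str]] = [
    ("10.0.0.0/24", "LAN"),
    ("192.168.1.0/24", "VPN"),
    ("0.0.0.0/0", "WAN"),
]


def element_blocks(name: str) -> List[IPv4Network]:
    """Expand an element's inclusive ranges into CIDR blocks."""
    blocks: List[IPv4Network] = []
    for first, last in NETWORKS[name][1]:
        blocks.extend(summarize_address_range(IPv4Address(first), IPv4Address(last)))
    return blocks


def element_for(addr: str) -> Optional[str]:
    """Return the ISA network element that claims addr, or None (i.e. External)."""
    ip = IPv4Address(addr)
    for name in NETWORKS:
        if any(ip in block for block in element_blocks(name)):
            return name
    return None


def route_interface(addr: str) -> str:
    """Longest-prefix match over ROUTES; the default route guarantees a hit."""
    ip = IPv4Address(addr)
    matches = [(IPv4Network(dst), iface) for dst, iface in ROUTES if ip in IPv4Network(dst)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def spoof_check(src: str, arrived_on: str) -> Tuple[bool, str]:
    """Event 15108 rule: drop a packet as spoofed when its source is not reachable
    through the adapter it arrived on.  Returns (dropped, reason)."""
    owner = element_for(src)
    if owner is not None and NETWORKS[owner][0] != arrived_on:
        return True, f"{src} is in '{owner}' (bound to {NETWORKS[owner][0]}) but arrived on {arrived_on}"
    via = route_interface(src)
    if via != arrived_on:
        return True, f"routing table reaches {src} via {via} but packet arrived on {arrived_on}"
    return False, "ok"


def _pieces(block: IPv4Network) -> List[IPv4Network]:
    """Split block into sub-blocks that each fall under a single route."""
    pieces = [block]
    for dst in sorted({IPv4Network(d) for d, _ in ROUTES}, key=lambda n: n.prefixlen):
        split: List[IPv4Network] = []
        for piece in pieces:
            if dst != piece and dst.subnet_of(piece):
                split.extend(piece.address_exclude(dst))
                split.append(dst)
            else:
                split.append(piece)
        pieces = split
    return pieces


def range_conflicts() -> Dict[str, List[str]]:
    """Event 14147 rule: report every part of an element's address range that the
    routing table sends through an adapter other than the element's own."""
    conflicts: Dict[str, List[str]] = {}
    for name, (adapter, _) in NETWORKS.items():
        for block in element_blocks(name):
            for piece in _pieces(block):
                via = route_interface(str(piece.network_address))
                if via != adapter:
                    conflicts.setdefault(name, []).append(f"{piece} routed via {via}, expected {adapter}")
    return conflicts


if __name__ == "__main__":
    # 192.168.1.13 seen on the LAN side is exactly the 15108 case in Colin's post.
    for src, adapter in [("192.168.1.13", "LAN"), ("192.168.1.13", "VPN"), ("192.168.2.5", "VPN")]:
        print(src, adapter, spoof_check(src, adapter))
    print(range_conflicts())
```

With the constructed data, `spoof_check("192.168.1.13", "LAN")` is dropped because the address belongs to the Branch element bound to the VPN interface, `spoof_check("192.168.2.5", "VPN")` is dropped because the routing table still sends 192.168.2.0/24 to the default gateway, and `range_conflicts()` names that same /24 as the part of the Branch range that does not correlate with its adapter. The practical check is to fill NETWORKS from the ISA console and ROUTES from `route print` on the SBS box, and make sure every remote-site range is reached only through the interface the remote-site network is bound to.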


