VPN issues on SBS2003 with ISA 2004 installed

---

• From: "KenCraft" <kwcraft@xxxxxxxxx>
• Date: 7 Nov 2006 10:18:15 -0800

---

I asked a question awhile ago about VPN but forgot where I posted it,
found it today and it has been closed for being to old. :-( my fault.
Anyhow:

I've been working on this issue for nearly 2 months. I have SBS 2003
patched to SP1 as well as ISA 2004 patched to SP1. My clients can
connect to VPN and log in, however most of them cannot browse. I've
narrowed down the problem to be an issue between either:

1. The Windows Firewall installed on the laptop. (I've turned this
"off" and a few of them are now able to browse. but it didn't solve
EVERYONE's problem).

2. ISA Firewall isn't accepting new policies. Running the Monitoring, I
get Kerberos-SEC(UDP) Denied when a user tries to browse. I've added a
policy to allow that protocol, but it doesn't work.

I cannot run the wizard right now because everyone is here and working,
but I can run it this evening after 6pm. Do I need to specifically add
something to the "firewall" portion of the wizard for everyone to
access?

I'm also noticing that the issue is only prevelant on machines that are
joined to the domain. I have 2 systems at home that do not belong to
the domain, but they can connect and browse resources using the proper
authentication without any problems.

another note: we are not using the firewall client on the network, it
gave us a fit when we first installed the server 2 years ago and we
developed a workaround to avoid installing it on the computers. We have
a seperate router setup as an internet gateway and that supplies
internet access to the users. below is a copy of an IPConfig /ALL from
one laptop in question, and another from the server.

Laptop:

Windows IP Configuration:

Host Name: croom1
Primary Dns Suffix: ourdomain.local
Node Type: Hybrid
IP Routing Enabled: No
WINS Proxy Enabled: No
DNS Suffix Search List: ourdomain.local


Ethernet adapter local area connection:

Connection-specific DNS Suffix .: ourdomain.local
description: 3Com 10/100
Physical Address: 00-00-86-4F-7C
Dhcp Enabled: Yes
Autoconfiguration Enabled: Yes
IP Address: 192.168.254.27
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.254.1
DHCP Server: 192.168.254.3
DNS Servers: 192.168.254.3
Primary WINS Server: 192.168.254.3
Lease Obtained: Tues, Nov 07,06 12:56:11
Lease Expires: Wed, Nov 08, 06 12:56:11

Server:

Windows IP Configuration

Host Name . . . . . . . . . . . . : max
Primary Dns Suffix . . . . . . . : hannonarmstrong.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : hannonarmstrong.local

Ethernet adapter Internet Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : BCM5703 Gigabit Ethernet
Physical Address. . . . . . . . . : 00-0E-7F-AB-D6-48
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 65.196.108.242
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . : 65.196.108.241
DNS Servers . . . . . . . . . . . : 192.168.254.3
Primary WINS Server . . . . . . . : 192.168.254.3
NetBIOS over Tcpip. . . . . . . . : Disabled

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.254.11
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NETGEAR FA311/FA312 PCI Adapter
Physical Address. . . . . . . . . : 00-09-5B-8D-12-6C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.254.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.254.3

I can drop a netdiag or dcdiag post if you want it. When I ran it there
were no errors.

thanks

.

---

• Follow-Ups:
  • RE: VPN issues on SBS2003 with ISA 2004 installed
    • From: Terence Liu [MSFT]

• Prev by Date: Re: Hosting Website
• Next by Date: WEB SSL
• Previous by thread: Unable to view some web sites
• Next by thread: RE: VPN issues on SBS2003 with ISA 2004 installed
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: VPN issues on SBS2003 with ISA 2004 installed ... server configuration. ... | internet access to the users. ... | DNS Suffix Search List: ... | Connection-specific DNS Suffix. ... (microsoft.public.windows.server.sbs) Re: RWW Unavailable ... Connection-specific DNS Suffix. ... Ethernet adapter Server Local Area Connection: ... "Frank McCallister SBS MVP" wrote: ... (microsoft.public.windows.server.sbs) Re: NAT troubleshooting ... RRAS/NAT server ... ... Ethernet adapter Local Area Connection: ... Connection-specific DNS Suffix. ... (microsoft.public.windows.server.networking) Re: Major help needed ... that the original server has had major issues, ... Ethernet adapter Local Area Connection: ... Connection-specific DNS Suffix. ... Ethernet adapter VMware Network Adapter VMnet8: ... (microsoft.public.windows.server.general) Re: RWW Unavailable ... running the 'Change server IP address' wizard from the Email and Internet ... Do these still result in redirection to the router interface? ... Connection-specific DNS Suffix. ... Ethernet adapter Server Local Area Connection: ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)