VPN with ISA 2004

**ps3cheats** · 25-Mar-2007, 09:50 PM

I currently have a problem with VPN access through my ISA 2004 std ed server.
so far, ISA is working well, as a proxy and firewall. All clients from the LAN are able to browse the itnernet a proxy clients (proxy details configured in IE). The problem occurs when i try to set ISA up as a VPN Server

Here is my current setup:
All servers running windows 2003 Server Std Edition R2

___________________________________________________________________________________________________
|---------|
|Internet|
|---------|
|
|
|
|
|
|
| Router WAN interface: Static IP and DNS servers provided by ISP
|
|----------------------|
|DSL Router/firewall|
|----------------------|
|
| Router LAN Interface- IP addr: 192.168.10.1
|
|
|
|
|
| ISA External Interface -
| IP: 192.168.10.2/24
Outside | Def gw: 192.168.10.1 (router lan interface)
| DNS: none
|--------------|
=======|ISA Server |=============================================================
|--------------|
(inside) | ISA Internal Interface -
| IP: 192.168.1.10/24
| Def gw: none
| DNS: 192.168.1.11 (DC)
|
|
|
|
|
|
|-------------| |------| IP: 192.168.1.12/24
|LAN Switch|-----------------------|client| Def GW: 192.168.1.11 (DC)
|-------------| |------| DNS: 192.168.1.11 (DC)
|
|
|
|
|-----------------|
|Domain controller|
|-----------------|
Domain Dontroller: set up with DNS forwarding to ISP's DNS servers for non-local domain info
IP address: 192.168.1.11/24
Def GW: 192.168.1.10 (ISA internal interface)
DNS: 192.168.1.11

___________________________________________________________________________________________________

I have gone through the default process:
- Ensured VPN client access is enabled
- specified windows grpups that are allowed VPN access
- Enabled PPTP and L2TP
- remote access config=: access network: internal; address assignment: static pool (192.168.100.100/150); internal network used for DNS; authentication: MS Chap v2; radius not used
- Firewall Access:
Action: allow; Protocols: All outbound traffic; from/listner: vpn clients; to: internal; condition: All users
- network rules: left default/unchanged "VPN clients to internal network"

I have opened up all VPN ports on the DSL router/firewall to ISA's external NIC (192.168.10.2).

but still, i canot connect via vpn from another network. Err: the remote computer did not respond.

I have tested wVPN without ISA, and it works, so it means there's nothing wrong with the router/firewall.

any help would really be appreciated

**ps3cheats** · 25-Mar-2007, 09:50 PM

Confirm please that you have installed service pack 2 for isa and then installed the post service pack rollup patches.
Open the ISA gui, select monitoring - sessions - do you see any connection attempts?
Select monitoring - alerts - anything in the list?
Select monitoring - logging - click on start query.
Make a connection attempt.
Do you see the connection attempts in the log? Are these succeeding or failing?
Anything in the MS Event logs?

Run up the Best Practice analyser and review the results. Anything reported?
http://www.microsoft.com/downloads/details.aspx?FamilyID=D22EC2B9-4CD3-4BB6-91EC-0829E5F84063&displaylang=en

Any issues with the RRAS services?

Check out the log with the dsl router. Possibly an option with the doubl;e NATting. (dsl router and ISA). Have you enabled the transparent nat protocol also?

25-Mar-2007, 09:50 PM	#1 (permalink)
ps3cheats Fixed Error! Posts: 1,497 Join Date: Mar 2007 Rep Power: 3 IM:	VPN with ISA 2004 I currently have a problem with VPN access through my ISA 2004 std ed server. so far, ISA is working well, as a proxy and firewall. All clients from the LAN are able to browse the itnernet a proxy clients (proxy details configured in IE). The problem occurs when i try to set ISA up as a VPN Server Here is my current setup: All servers running windows 2003 Server Std Edition R2 ___________________________________________________________________________________________________ \|---------\| \|Internet\| \|---------\| \| \| \| \| \| \| \| Router WAN interface: Static IP and DNS servers provided by ISP \| \|----------------------\| \|DSL Router/firewall\| \|----------------------\| \| \| Router LAN Interface- IP addr: 192.168.10.1 \| \| \| \| \| \| ISA External Interface - \| IP: 192.168.10.2/24 Outside \| Def gw: 192.168.10.1 (router lan interface) \| DNS: none \|--------------\| =======\|ISA Server \|============================================================= \|--------------\| (inside) \| ISA Internal Interface - \| IP: 192.168.1.10/24 \| Def gw: none \| DNS: 192.168.1.11 (DC) \| \| \| \| \| \| \|-------------\| \|------\| IP: 192.168.1.12/24 \|LAN Switch\|-----------------------\|client\| Def GW: 192.168.1.11 (DC) \|-------------\| \|------\| DNS: 192.168.1.11 (DC) \| \| \| \| \|-----------------\| \|Domain controller\| \|-----------------\| Domain Dontroller: set up with DNS forwarding to ISP's DNS servers for non-local domain info IP address: 192.168.1.11/24 Def GW: 192.168.1.10 (ISA internal interface) DNS: 192.168.1.11 ___________________________________________________________________________________________________ I have gone through the default process: - Ensured VPN client access is enabled - specified windows grpups that are allowed VPN access - Enabled PPTP and L2TP - remote access config=: access network: internal; address assignment: static pool (192.168.100.100/150); internal network used for DNS; authentication: MS Chap v2; radius not used - Firewall Access: Action: allow; Protocols: All outbound traffic; from/listner: vpn clients; to: internal; condition: All users - network rules: left default/unchanged "VPN clients to internal network" I have opened up all VPN ports on the DSL router/firewall to ISA's external NIC (192.168.10.2). but still, i canot connect via vpn from another network. Err: the remote computer did not respond. I have tested wVPN without ISA, and it works, so it means there's nothing wrong with the router/firewall. any help would really be appreciated

25-Mar-2007, 09:50 PM	#2 (permalink)
ps3cheats Fixed Error! Posts: 1,497 Join Date: Mar 2007 Rep Power: 3 IM:	Re: VPN with ISA 2004 Confirm please that you have installed service pack 2 for isa and then installed the post service pack rollup patches. Open the ISA gui, select monitoring - sessions - do you see any connection attempts? Select monitoring - alerts - anything in the list? Select monitoring - logging - click on start query. Make a connection attempt. Do you see the connection attempts in the log? Are these succeeding or failing? Anything in the MS Event logs? Run up the Best Practice analyser and review the results. Anything reported? http://www.microsoft.com/downloads/details.aspx?FamilyID=D22EC2B9-4CD3-4BB6-91EC-0829E5F84063&displaylang=en Any issues with the RRAS services? Check out the log with the dsl router. Possibly an option with the doubl;e NATting. (dsl router and ISA). Have you enabled the transparent nat protocol also?

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)