RE: Authentication problems using VPN on MS ISA

From: John the Kiwi (john@johnthekiwi.com)
Date: 09/18/02 

From: John the Kiwi <john@johnthekiwi.com>
To: focus-ms@securityfocus.com
Date: 18 Sep 2002 00:40:14 -0500

Hi Fabian

Check your routers. I had a similar problem and after a lot of
frustration and no answeers in the MS knowledge base we realised that
the router we were using didn't correctly support VPN connections.

Port 1723 was correctly forwarded but the server would only begin to
authenticate and then the connection would time out.

We tested this by successfully connecting via VPN from the local subnet
of the server, but I assume that would be one of the first tests you
did?

Also, I hate to be too anal but have you triple checked your ISA
settings? The ISA help system is very helpful for confirming your
settings. If you don't have many rules set up it would also be a simple
task to uninstall ISA and try the VPN connection then before
reinstalling it.

That's what I'd do anyway.

Cheers
John the Kiwi
www.johnthekiwi.com

On Tue, 2002-09-17 at 13:57, Jim Harrison (SPG) wrote:
> Are you trying to VPN *_to_* or *_through_* the ISA server?
> In other words, is the RRAS server *_on_* or *_behind_* ISA?
>
> ISA can't pass IPSec or PPTP traffic, but it does support locally-based
> Win2K RRAS VPN.
> Can ISA validate the credentials to either a domain or RADIUS service?
>
> Jim
>
> -----Original Message-----
> From: Fabian Aubrey [mailto:faubrey@gicnet.ca]
> Sent: Wednesday, September 11, 2002 8:52 AM
> To: focus-ms@securityfocus.com
> Subject: Authentication problems using VPN on MS ISA
>
>
> Authentication problems using VPN on MS ISA:
>
> We are having difficulty establishing a VPN connection thru MS ISA. We
> receive error 691 (authentication) from the server at each connection
> attempt. The login we are using is correct however, something seems to
> be happening at the ISA level that rejects that login. All parameters
> have been verified as per Microsoft Q docs but to no avail. Can anyone
> shed any light as to what ISA might be doing to the VPN connection as it
> seems that we are contacting the server but just sending garbage as
> auth.
>
>
> Thank You
> Fabian

Relevant Pages

  • RE: VPN Error 800
    ... On the Small Business Server 2003-based server, click To Do List in the ... Click Next, click Enable Remote Access, click to select the VPN Access ... go to the client and establish the VPN connection to the ... please help me gather the ISA info and ISA log: ...
    (microsoft.public.windows.server.sbs)
  • RE: Authentication problems using VPN on MS ISA
    ... Authentication problems using VPN on MS ISA ... Port 1723 was correctly forwarded but the server would only begin to ... I hate to be too anal but have you triple checked your ISA ... > We are having difficulty establishing a VPN connection thru MS ISA. ...
    (Focus-Microsoft)
  • Re: ISA2000 blocks the VPN?
    ... > the resource in the destination network (where the VPN server resides), ... > recommended configuration to establish a VPN connection. ... Help to gather the ISA Logs: ...
    (microsoft.public.windows.server.sbs)
  • Re: Strange problem with opening a network place could be ISA 2004 or XP SP2 Problem
    ... Since the error may be recorded in the ISA logs, ... Expand the server node and highlight 'Monitoring'. ... The VPN connection was created manually (using the add a new ...
    (microsoft.public.windows.server.sbs)
  • Re: Authentication problems using VPN on MS ISA
    ... service has a problem if the ISA server has been disconnected from the ... Authentication problems using VPN on MS ISA ... We are having difficulty establishing a VPN connection thru MS ISA. ...
    (Focus-Microsoft)