RE: Authentication problems using VPN on MS ISA

From: mjans001 (m.jansen001@chello.nl)
Date: 09/18/02


From: "mjans001" <m.jansen001@chello.nl>
To: <jmharr@microsoft.com>, <faubrey@gicnet.ca>, <focus-ms@securityfocus.com>
Date: Wed, 18 Sep 2002 08:06:28 +0200


I have to agree with Jim; for starters, ISA does not pass PPTP traffic
remote initiated because of NAT. Terminate the tunnel locally. Although
that is only secure enough for a wireless LAN to me. I would love to
throttle that traffic a layer earlier at a small PIX fw or something.

Martijn CCNP DP CISSP

-----Original Message-----
From: Jim Harrison (SPG) [mailto:jmharr@microsoft.com]
Sent: Tuesday, September 17, 2002 20:58
To: Fabian Aubrey; focus-ms@securityfocus.com
Subject: RE: Authentication problems using VPN on MS ISA

Are you trying to VPN *_to_* or *_through_* the ISA server?
In other words, is the RRAS server *_on_* or *_behind_* ISA?

ISA can't pass IPSec or PPTP traffic, but it does support locally-based
Win2K RRAS VPN. Can ISA validate the credentials to either a domain or
RADIUS service?

Jim

-----Original Message-----
From: Fabian Aubrey [mailto:faubrey@gicnet.ca]
Sent: Wednesday, September 11, 2002 8:52 AM
To: focus-ms@securityfocus.com
Subject: Authentication problems using VPN on MS ISA

Authentication problems using VPN on MS ISA:

We are having difficulty establishing a VPN connection thru MS ISA. We
receive error 691 (authentication) from the server at each connection
attempt. The login we are using is correct; however, something seems to
be happening at the ISA level that rejects that login. All parameters
have been verified as per Microsoft Q docs but to no avail. Can anyone
shed any light as to what ISA might be doing to the VPN connection as it
seems that we are contacting the server but just sending garbage as
auth.

Thank You
Fabian





