RE: Authentication problems using VPN on MS ISA

From: j.mickerts@gmx.net
Date: 09/18/02


To: John the Kiwi <john@johnthekiwi.com>
From: j.mickerts@gmx.net
Date: Wed, 18 Sep 2002 21:52:55 +0200

Hi John,

your error was probably caused because you did not forward the GRE packets
(IP protocol 47) to the PPTP Server, you just forwarded port 1723/tcp.
Maybe Fabian is having the same problem.

Kind regards,

Jens Mickerts

John the Kiwi <john@johnthekiwi.com>
18.09.2002 07:40

To
focus-ms@securityfocus.com
cc

Subject
RE: Authentication problems using VPN on MS ISA

Hi Fabian

Check your routers. I had a similar problem and after a lot of
frustration and no answers in the MS knowledge base we realised that
the router we were using didn't correctly support VPN connections.

Port 1723 was correctly forwarded but the server would only begin to
authenticate and then the connection would time out.

We tested this by successfully connecting via VPN from the local subnet
of the server, but I assume that would be one of the first tests you
did?

Also, I hate to be too anal but have you triple checked your ISA
settings? The ISA help system is very helpful for confirming your
settings. If you don't have many rules set up it would also be a simple
task to uninstall ISA and try the VPN connection then before
reinstalling it.

That's what I'd do anyway.

Cheers
John the Kiwi
www.johnthekiwi.com

On Tue, 2002-09-17 at 13:57, Jim Harrison (SPG) wrote:
> Are you trying to VPN *_to_* or *_through_* the ISA server?
> In other words, is the RRAS server *_on_* or *_behind_* ISA?
>
> ISA can't pass IPSec or PPTP traffic, but it does support locally-based
> Win2K RRAS VPN.
> Can ISA validate the credentials to either a domain or RADIUS service?
>
> Jim
>
> -----Original Message-----
> From: Fabian Aubrey [mailto:faubrey@gicnet.ca]
> Sent: Wednesday, September 11, 2002 8:52 AM
> To: focus-ms@securityfocus.com
> Subject: Authentication problems using VPN on MS ISA
>
>
> Authentication problems using VPN on MS ISA:
>
> We are having difficulty establishing a VPN connection thru MS ISA. We
> receive error 691 (authentication) from the server at each connection
> attempt. The login we are using is correct however, something seems to
> be happening at the ISA level that rejects that login. All parameters
> have been verified as per Microsoft Q docs but to no avail. Can anyone
> shed any light as to what ISA might be doing to the VPN connection as it
> seems that we are contacting the server but just sending garbage as
> auth.
>
>
> Thank You
> Fabian
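
The symptom discussed in this thread (1723/tcp forwarded, GRE not) can be confirmed from a packet capture taken at the PPTP server. The following is an added example, not part of the original messages: it classifies raw IPv4 packets as PPTP control or PPTP GRE traffic and reports which half is missing per peer pair. The function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

PPTP_PORT = 1723              # PPTP control channel (TCP)
PROTO_TCP, PROTO_GRE = 6, 47  # IP protocol numbers
GRE_PPP = 0x880B              # protocol type of PPTP's enhanced GRE (RFC 2637)

def classify(pkt: bytes):
    """Return (src, dst, kind) for a raw IPv4 packet, kind 'control' or 'gre'; None if not PPTP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    body = pkt[ihl:]
    if ihl < 20 or len(body) < 4:
        return None
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    first, second = struct.unpack("!HH", body[:4])  # TCP ports, or GRE flags + type
    if pkt[9] == PROTO_TCP and PPTP_PORT in (first, second):
        return src, dst, "control"
    # Enhanced GRE: the version field (low 3 bits of the flags word) is 1.
    if pkt[9] == PROTO_GRE and first & 0x7 == 1 and second == GRE_PPP:
        return src, dst, "gre"
    return None

def diagnose(packets):
    """Map each peer pair with a control channel to 'ok', 'gre-one-way' or 'gre-missing'."""
    control, gre = set(), {}
    for src, dst, kind in filter(None, map(classify, packets)):
        pair = tuple(sorted((src, dst)))
        if kind == "control":
            control.add(pair)
        else:
            gre.setdefault(pair, set()).add(src)  # remember which side sent GRE
    labels = {0: "gre-missing", 1: "gre-one-way", 2: "ok"}
    return {pair: labels[len(gre.get(pair, ()))] for pair in control}

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed capture at the server: the router forwards 1723/tcp but drops inbound GRE.
CLIENT, SERVER = "198.51.100.7", "192.0.2.10"
SAMPLE = [
    ipv4(CLIENT, SERVER, PROTO_TCP, struct.pack("!HH", 40000, PPTP_PORT) + bytes(16)),
    ipv4(SERVER, CLIENT, PROTO_TCP, struct.pack("!HH", PPTP_PORT, 40000) + bytes(16)),
    ipv4(SERVER, CLIENT, PROTO_GRE, struct.pack("!HHHH", 0x3001, GRE_PPP, 0, 1)),
]
```

Running diagnose(SAMPLE) flags the pair as "gre-one-way": the control channel is up and the server sends GRE, but nothing with IP protocol 47 arrives from the client side.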


