RE: Authentication problems using VPN on MS ISA
From: JAX (jax@evosoft.dk)Date: 09/19/02
- Previous message: Greene Paul: "Remote data services in IIS 5"
- In reply to: j.mickerts@gmx.net: "RE: Authentication problems using VPN on MS ISA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "JAX" <jax@evosoft.dk> To: <focus-ms@securityfocus.com> Date: Thu, 19 Sep 2002 23:44:02 +0200
Yep , had the same problem and it was solved as soon as the GRE packets
were also forwarded.
Are you sure the router supports GRE packets ? Some small older models
like 677 have problems with the GRE packets.
George Sas
Syadmin - Nova Data
> -----Original Message-----
> From: j.mickerts@gmx.net [mailto:j.mickerts@gmx.net]
> Sent: Wednesday, September 18, 2002 9:53 PM
> To: John the Kiwi
> Cc: focus-ms@securityfocus.com
> Subject: RE: Authentication problems using VPN on MS ISA
>
> Hi John,
>
> your error was probably caused because you did not forward the GRE
packets
> (IP protocol 47) to the PPTP Server, you just forwarded port 1723/tcp.
> Maybe Fabian is having the same problem.
>
> Kind regards,
>
> Jens Mickerts
>
>
>
>
> John the Kiwi <john@johnthekiwi.com>
> 18.09.2002 07:40
>
> To
> focus-ms@securityfocus.com
> cc
>
> Subject
> RE: Authentication problems using VPN on MS ISA
>
>
>
>
>
>
> Hi Fabian
>
> Check your routers. I had a similar problem and after a lot of
> frustration and no answeers in the MS knowledge base we realised that
> the router we were using didn't correctly support VPN connections.
>
> Port 1723 was correctly forwarded but the server would only begin to
> authenticate and then the connection would time out.
>
> We tested this by successfully connecting via VPN from the local
subnet
> of the server, but I assume that would be one of the first tests you
> did?
>
> Also, I hate to be too anal but have you triple checked your ISA
> settings? The ISA help system is very helpful for confirming your
> settings. If you don't have many rules set up it would also be a
simple
> task to uninstall ISA and try the VPN connection then before
> reinstalling it.
>
> That's what I'd do anyway.
>
> Cheers
> John the Kiwi
> www.johnthekiwi.com
>
>
>
> On Tue, 2002-09-17 at 13:57, Jim Harrison (SPG) wrote:
> > Are you trying to VPN *_to_* or *_through_* the ISA server?
> > In other words, is the RRAS server *_on_* or *_behind_* ISA?
> >
> > ISA can't pass IPSec or PPTP traffic, but it does support
locally-based
> > Win2K RRAS VPN.
> > Can ISA validate the credentials to either a domain or RADIUS
service?
> >
> > Jim
> >
> > -----Original Message-----
> > From: Fabian Aubrey [mailto:faubrey@gicnet.ca]
> > Sent: Wednesday, September 11, 2002 8:52 AM
> > To: focus-ms@securityfocus.com
> > Subject: Authentication problems using VPN on MS ISA
> >
> >
> > Authentication problems using VPN on MS ISA:
> >
> > We are having difficulty establishing a VPN connection thru MS ISA.
We
> > receive error 691 (authentication) from the server at each
connection
> > attempt. The login we are using is correct however, something
seems to
> > be happening at the ISA level that rejects that login. All
parameters
> > have been verified as per Microsoft Q docs but to no avail. Can
anyone
> > shed any light as to what ISA might be doing to the VPN connection
as it
> > seems that we are contacting the server but just sending garbage as
> > auth.
> >
> >
> > Thank You
> > Fabian
>
>
- Previous message: Greene Paul: "Remote data services in IIS 5"
- In reply to: j.mickerts@gmx.net: "RE: Authentication problems using VPN on MS ISA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
