
ISA 2006 VPN


f5ferrari


Hi people :hello:

I've been tearing my hair out over this so hoping someone can give me a hand before I go bald!

I've set up my Microsoft ISA 2006 server to allow remote access via VPN. I can connect via VPN locally within the network; however, when I try externally it fails. My ISA server is behind another ISA server which has apparently been set to allow traffic from ports 500, 4500 and 1701; however, when I look at my firewall log it only shows requests coming to ports 500 and 4500 as shown below, none to port 1701.

VPN Setup:

L2TP Protocol

IPSec Preshared Key (for now.. will update to certificate based auth later on)

Network Layout:

Internet --> 1st ISA --> 2nd ISA (the one within my building) --> Internal Network

Snippet from ISA Firewall Log - Note: IP addresses have been removed

BLACKHOLE	2008-02-19	07:57:02	UDP	<<USERIP>>:61079	<<2ndISA IP>>:500	87.194.101.102	External	Local Host	Establish	0x0	[System] Allow VPN client traffic to ISA Server	IKE Client	0	0	0	0	-	-	-	-	184502	2249727


BLACKHOLE 2008-02-19 08:05:14 UDP <<USERIP>>:61079 <<2ndISA IP>>:500 87.194.101.102 External Local Host Terminate 0x80074e20 [System] Allow VPN client traffic to ISA Server IKE Client 2400 2400 7280 7280 492000

Am guessing that the 1701 (L2TP Client) port has not been opened on the first ISA server and that is causing this problem. However, when I checked whether it was open I was told it was... but with the fact that I am not even seeing the L2TP client hitting the firewall, never mind even being allowed or disallowed, I still think it's blocked.

Anyone got any ideas? :D

Thanks
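
An added example, not part of the original post: a Python script for the log check described above, tallying which of UDP ports 500, 4500 and 1701 appear as destinations in exported firewall log lines. The column positions are an assumption inferred from the tab-separated line in the post, and the sample rows are constructed.

```python
import re
from collections import Counter

# UDP ports the post expects the upstream ISA server to pass.
EXPECTED_UDP_PORTS = (500, 4500, 1701)
# Column positions inferred from the tab-separated log line in the post
# (assumption: other ISA log field selections will need different indexes).
COL_PROTO, COL_DEST, COL_ACTION, COL_RESULT = 3, 5, 9, 10

def parse_line(line):
    """Return (protocol, dest_port, action, result_code), or None if unparsable."""
    fields = line.rstrip("\r\n").split("\t")
    if len(fields) <= COL_RESULT:
        return None
    # Destination is "<host>:<port>"; the host may be a redacted placeholder.
    m = re.search(r":(\d{1,5})$", fields[COL_DEST].strip())
    if not m:
        return None
    return fields[COL_PROTO].upper(), int(m.group(1)), fields[COL_ACTION], fields[COL_RESULT]

def summarise(lines):
    """Count UDP (dest_port, action) pairs; list expected ports never seen."""
    seen, skipped = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        proto, port, action, _result = rec
        if proto == "UDP":
            seen[(port, action)] += 1
    ports_seen = {port for port, _ in seen}
    missing = [p for p in EXPECTED_UDP_PORTS if p not in ports_seen]
    return seen, missing, skipped

def _row(proto, dest, action, result):
    # Constructed sample row using documentation-range addresses.
    return "\t".join(["FW", "2008-02-19", "07:57:02", proto, "198.51.100.7:61079",
                      dest, "198.51.100.7", "External", "Local Host", action, result,
                      "[System] Allow VPN client traffic to ISA Server"])

SAMPLE_LOG = [
    _row("UDP", "192.0.2.10:500", "Establish", "0x0"),
    _row("UDP", "192.0.2.10:4500", "Establish", "0x0"),
    _row("UDP", "192.0.2.10:500", "Terminate", "0x80074e20"),
    _row("TCP", "192.0.2.10:1701", "Establish", "0x0"),  # TCP, so not counted
    "truncated line",                                     # counted as skipped
]

if __name__ == "__main__":
    seen, missing, skipped = summarise(SAMPLE_LOG)
    print("UDP (port, action) counts:", dict(seen))
    print("expected UDP ports never seen:", missing, "| skipped lines:", skipped)
```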
