ISA 2006 VPN with a WIN XP SP2
- Hi,
My corporate network uses an ISA 2006 FW. The admin created a new VPN connection on my XP laptop and I was able to connect to the shared resources on our LAN once I established the VPN.
So, last week, I purchased a new wireless N router and at the same time, my XP laptop died and I had the admin replace the HD.
Now, I just reinstalled all of my programs and I had the admin recreate the VPN connection and at the same time, we installed my new Wireless N router at my home.
Issue: I can successfully establish the VPN, but I cannot access any network resources in the corporate office. I cannot PING by IP or hostname, RDP, or cannot even access shared files.
I can do an IPCONFIG, and my laptop does pull an IP address properly from the ISA FW.
I have disabled my firewalls and AV programs.
So, I've come to conclude that two things have changed. I installed a new router, and I had to have my laptop reformatted.
The admin says there is nothing he has to do on his end to accept the new VPN connection.
Could it be something in my new wireless router that is blocking shared resources? Since I can connect to the VPN, but not shared resources, to me, it seems that the VPN is working.
Any help would be very appreciated.
Answers
- Maybe your new router gives you IPs in the same range as you use at the corporate network.
In that case nothing on your side will route through VPN.
Also make sure your routing table on the client after establishing the VPN has the VPN as default gateway or has routes to connect to your corp network.
- Marked As Answer by Nick Gu - MSFT, Moderator, Monday, October 19, 2009 7:32 AM
All Replies
- You need to coordinate testing with the ISA admin.
He needs to watch the ISA logs (filtered for your VPN IP) and see if ISA is rejecting your traffic.
If you can successfully create the VPN tunnel, it's unlikely that the N-wireless has any effect _unless_ the VPN tunnel is broken unexpectedly.
It doesn't sound as if this is the case.
Jim Harrison Forefront Edge CS
- But nothing has changed on the admin's end.
Would replacing my laptop's hard drive cause connection issues?
- If you can create the connection and maintain it, your laptop is fine.
One thing that comes to mind is the possibility of VPN-quarantine scripts, but the result of this may only be visible at the ISA itself (depends how they wrote them).
Any way you look at it, you need to coordinate testing with the ISA administrator to determine the cause of the problem.
Jim Harrison Forefront Edge CS
- Proposed As Answer by Jim Harrison IsaDewd, Tuesday, October 13, 2009 5:31 PM
- The admin is having trouble as well. Other VPN clients can connect successfully except for two users specifically who have the same problem.
---VPN connect, but cannot access network resources--
He sees my IP connect to the VPN network, and all looks ok, however, he says that he sees port UDP 427 is being blocked.
Other than that, everything looks like normal...according to the admin.
Is there something specific we should look at?
- DNS is UDP or TCP 53
SMB is TCP 445
Network Monitor 3 is available from MS downloads. It's a good idea to use this as well as the ISA logging.
He should look in the ISA alerts and the Windows Application and System event logs.
Usually when something like this happens, ISA is (and probably has been) screaming about multiple problems.
Jim Harrison Forefront Edge CS
- Unmarked As Answer by decki, Monday, October 19, 2009 11:32 AM
- It turns out that my router was giving me the same IP range as the corporate network.
Once I changed the router's IP addressing, everything was fine.
Thanks!
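
The overlap described in the marked answer and confirmed in the last post, as an added example that is not part of the thread: a small model of client route selection (longest matching prefix, then lowest metric) showing why a corporate address leaves through the home Wi-Fi when the router uses the same range, and why renumbering the router fixes it. All addresses, interface names and metrics are constructed, since the thread gives none.

```python
import ipaddress

def route(net, iface, metric):
    return {"net": ipaddress.ip_network(net), "iface": iface, "metric": metric}

def pick_route(routes, dest):
    """Longest matching prefix wins; ties go to the lowest metric."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r["net"]]
    return min(hits, key=lambda r: (-r["net"].prefixlen, r["metric"])) if hits else None

def diagnose(routes, corp_net, vpn_iface, probe):
    """Report non-VPN routes overlapping the corporate range and where a probe exits."""
    corp = ipaddress.ip_network(corp_net)
    shadowing = [str(r["net"]) for r in routes
                 if r["iface"] != vpn_iface
                 and r["net"].prefixlen > 0          # ignore default routes
                 and r["net"].overlaps(corp)]
    chosen = pick_route(routes, probe)
    egress = chosen["iface"] if chosen else None
    return {"shadowing": shadowing, "egress": egress, "via_vpn": egress == vpn_iface}

# Constructed sample data: every address, interface name and metric is made up.
CORP_NET = "192.168.1.0/24"      # assumed corporate LAN
CORP_HOST = "192.168.1.10"       # assumed file server on that LAN

# Home router hands out the same range as the corporate LAN.
BROKEN = [
    route("0.0.0.0/0", "vpn", 1),          # VPN set as default gateway
    route("0.0.0.0/0", "wifi", 26),
    route("192.168.1.0/24", "wifi", 25),   # on-link route for the home LAN
    route("192.168.1.50/32", "vpn", 1),    # the client's own VPN address
]

# Same client after the home router is moved to a different range.
FIXED = [
    route("0.0.0.0/0", "vpn", 1),
    route("0.0.0.0/0", "wifi", 26),
    route("192.168.50.0/24", "wifi", 25),
    route("192.168.1.50/32", "vpn", 1),
]

if __name__ == "__main__":
    for name, table in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, diagnose(table, CORP_NET, "vpn", CORP_HOST))
```

On a real client, the equivalent inputs come from `ipconfig` and `route print` taken after the VPN is connected.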

