VPN out thru the ISA 2006

  • Question

  • Hi all,

    Please help. I have just deployed an ISA 2006 on an SBS 2003 network. The only issue is that when I dial a connection to connect to a client's modem to VPN to their server, I am getting error 800 and cannot connect at all. Please help.

    Let me know what I have to do to make this work.

    Cheers
    Monday, September 29, 2008 2:49 AM

Answers

  • Hi

    I am not sure what you mean in your first posting, "just deployed an ISA 2006 on an SBS 2003 network", as SBS 2003 Premium has ISA 2004 and not 2006. Hope it is a separate ISA 2006 and not the one running as your DC.

    Your original post is not clear as to whether you are making the VPN connection from an internal client to the External network of ISA, or the other way.

    But from the later posts I assume the VPN client is on the internal side of ISA and the VPN server is on the external side of ISA.

    Can you look at the following KB?

    886621 You receive an "Unable to establish the VPN connection" error message when your Windows Small Business Server 2003-based client computer try to make an outgoing PPTP connection
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;886621


    If this is not working, we will need a network monitor capture from the client's side (all interfaces - LAN as well as dial-up interface) and an ISA data packager report from ISA in repro mode.

    1. Install ISA Server Best Practices Analyzer on the ISA server. The installation requires .NET Framework 1.1 (part of the Windows Server 2003 operating system).

    2. Run the ISA Server Best Practices Analyzer with the following steps:

    a) Open the ISA Server Best Practices Analyzer tool (Start -> Programs -> ISA Tools -> ISA Server Best Practices Analyzer).

    b) Create a Best Practices scan (Welcome -> Start a new Best Practices scan -> Start scanning).

    c) For scan type you can select Health check, Isainfo or both.

    d) Review your Best Practices scan (View the report of this Best Practices scan).

    3. Prepare an ISA Server Diagnostics package by running the Pack ISA Server Diagnostics tool with the following steps:

    a) Run the Pack ISA Server Diagnostics tool (Start -> Programs -> ISA Tools -> Pack ISA Server Diagnostics…).

    b) Send the IsaPackage.cab file that is placed on your desktop.

    4. Prepare MPS Reports with the following steps:

    a) Run MPSRPT_NETWORK.EXE on the ISA Server.

    b) Send the generated report.

    • Marked as answer by rhys344 Tuesday, January 6, 2009 6:01 AM
    Friday, December 19, 2008 11:42 PM
    Answerer

All replies

  • Hi,

    Check this KB : http://support.microsoft.com/kb/948496/

    Also, have you set your client as a SecureNAT client? Have you created an outbound firewall policy with the required protocols and with the condition All Users?

    HTH,
    Tarek

    _____________________________

    Tarek Majdalani
    MS Forefront Edge Security MVP
    Website : http://www.elmajdal.net/ISAServer

    • Proposed as answer by ElMajdalModerator Thursday, October 2, 2008 8:50 PM
    • Unproposed as answer by rhys344 Tuesday, January 6, 2009 6:01 AM
    Thursday, October 2, 2008 8:50 PM
    Moderator
  • This is still an ongoing issue. Can't VPN out. I get error 619. Have tried that article and done updates and the workaround, still no luck. Any other ideas?
    Tuesday, December 16, 2008 5:37 AM
  • Hi,

    Does the client have the Default Gateway pointed to ISA Server?
    The Microsoft Firewall Client is not installed?
    Are you using PPTP?
    Create a Firewall rule which allows the PPTP Client protocol for All Users and be sure that no other Firewall rule above the allow VPN rule is blocking the traffic.
    Look in the ISA Server realtime log to see if something VPN related is blocked.
    Do you have a router in front of ISA Server? Does the router / firewall allow VPN passthrough?
    Try to test different VPN servers.

    regards Marc
    www.nt-faq.de
    www.it-training-grote.de
    Tuesday, December 16, 2008 10:50 AM
  • Hi Marc,

    All clients have the default gateway of the ISA server.
    Firewall client is not installed.
    Yes, PPTP is being used; the rule is at the top of the list, allowing PPTP out.
    Have a Billion router in front of the ISA server and it supports VPN.
    Tried to connect to about 6 different locations, same error.
    PPTP out works fine when we bypass the ISA server.

    The realtime log shows the PPTP connection opens then closes about 10 secs after with no errors.
    Wednesday, December 17, 2008 4:18 AM
  • Hi,

    We are needing to VPN out using PPTP, so yes, internal to external. How do I send you those files?
    Monday, December 22, 2008 4:41 AM
  • 1. How big are these files?
    2. If they are less than 5 MB, send them to balan@microsoft.com as an attachment and confirm. I am away on vacation, so my response will be delayed.

    Thanks
    Bala Natarajan
    balan@microsoft.com

    Tuesday, December 23, 2008 3:34 AM
    Answerer
  • Thanks Bala. I will send the email now.
    Tuesday, December 23, 2008 4:13 AM
  • Make sure you don't install patch 956570 if you need to use PPTP.

    Google of that KB 956570 will show why

    Monday, October 18, 2010 9:06 PM