ISA VPN and "Upper Level" ports
I already posted this question to the MS Networking section, but after looking around some I think that this area may be more appropriate.
Here is my problem ...
I have got an SBS 2000 install and I use ISA Server to support VPN connections for Outlook/Exchange and minimal file access when necassary.
We also have a client server based application that uses SQL Server for document imaging. The application is called LaserFische and I would
like to be able to use this across the VPN as well.
LaserFische does not operate on top of the SQL Server 2000 that ships with SBS, it requies the desktop version; I believe this is to control
licensing, although I don't think this is the root of my problem.
When I establish a VPN session, I can't connect to the SQL Server for LaserFische. It basically
times out.
Our Laserfische support person says that this is probably due to the fact that client communicates with the Laserfische server (SQL Desktop?)
on port 1888, but this (and I guess any other upper level ports) would be blocked in a VPN session.
Is this true? If so can it be changed?
Thanks for any help.
Here is my problem ...
I have got an SBS 2000 install and I use ISA Server to support VPN connections for Outlook/Exchange and minimal file access when necassary.
We also have a client server based application that uses SQL Server for document imaging. The application is called LaserFische and I would
like to be able to use this across the VPN as well.
LaserFische does not operate on top of the SQL Server 2000 that ships with SBS, it requies the desktop version; I believe this is to control
licensing, although I don't think this is the root of my problem.
When I establish a VPN session, I can't connect to the SQL Server for LaserFische. It basically
times out.
Our Laserfische support person says that this is probably due to the fact that client communicates with the Laserfische server (SQL Desktop?)
on port 1888, but this (and I guess any other upper level ports) would be blocked in a VPN session.
Is this true? If so can it be changed?
Thanks for any help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
So.. this means you CAN connect to port 1888... perhaps there are other ports in question here ?
1433 is the standard SQL port - if it's not there, then maybe this isn't a standard SQL application as you say.
We need to look at why the app is failing. Is it possible the app is trying to connect back to the client (ie a back connection) somehow ?
Does the app work WITHOUT the ISA server in place ?
I was looking through the Laserfiche specs, and it appears to want WINSOCK support, and only runs on Win 95/98 and NT 4.0 - http://www.isomedia.com/emedia_rim/LaserFiche/LF%20Enterprise.pdf.
Maybe it won't run on XP ?
The product Laserfiche Weblink looks like a good alternative if this is the case ?
We're a little stuck... looks like the VPN tunnel is fine and port 1888 is let through - I suggest you get back in touch with Laserfiche Support and ask them what else could be wrong ?
At a long shot, it could be the MTU size on your VPN client ? Try dropping to 1492 and seeing what happens.
http://www.winguides.com/registry/display.php/280/
This basically means that the maximum packet size is dropped from 1500 to 1492, to take into account encapsulation.
eg - encapsulate a 1500 bit packet, it becomes 1508 in size, which may be fragmenting somewhere down the line and causing the client/server thing to go a bit funny. However, if you encapsulate a packet 1492 in size, in becomes 1500 bits in size, which is normal across most networks and won't be fragmented.
1433 is the standard SQL port - if it's not there, then maybe this isn't a standard SQL application as you say.
We need to look at why the app is failing. Is it possible the app is trying to connect back to the client (ie a back connection) somehow ?
Does the app work WITHOUT the ISA server in place ?
I was looking through the Laserfiche specs, and it appears to want WINSOCK support, and only runs on Win 95/98 and NT 4.0 - http://www.isomedia.com/emedia_rim/LaserFiche/LF%20Enterprise.pdf.
Maybe it won't run on XP ?
The product Laserfiche Weblink looks like a good alternative if this is the case ?
We're a little stuck... looks like the VPN tunnel is fine and port 1888 is let through - I suggest you get back in touch with Laserfiche Support and ask them what else could be wrong ?
At a long shot, it could be the MTU size on your VPN client ? Try dropping to 1492 and seeing what happens.
http://www.winguides.com/registry/display.php/280/
This basically means that the maximum packet size is dropped from 1500 to 1492, to take into account encapsulation.
eg - encapsulate a 1500 bit packet, it becomes 1508 in size, which may be fragmenting somewhere down the line and causing the client/server thing to go a bit funny. However, if you encapsulate a packet 1492 in size, in becomes 1500 bits in size, which is normal across most networks and won't be fragmented.
ASKER
When manually attaching to the LF database (which you have to do across a VPN- presumably since their isn't any broadcast) you have to specify the database name spelling it with a Capital letter... :)
Oh well... thanks for the help..
Oh well... thanks for the help..
Is this fixed now then ? Was it purely typos that were giving you problems ?
ASKER
Yup.
ASKER
Thanks for the replies,
I am using using Windows XP clients to create a PPTP session to ISA- well actually it would technically be Windows 2000 RRAS, but I used the ISA wizards to set it all up....
Anyway....
I can ping the server successfully.
Everything is on one server here (SBS), so I don't think there would be any routing issues, etc.
I can telnet to port 1888 but not 1433-I get a 'connect failed" message. I would assume this has something to do with it being the desktop ver of SQL and/or a technicalilty of it being
somewhat of a proprietary app.
Thanks again for the help.