cogentlogik

WIN2k3 Server VPN set up (Using ISA)

I have a Windows 2003 server with the following setup

Standard Edition (with sp1)
Two NICs connected to a Linksys RV082 router
router is connected to cable modem
DHCP and DNS set up on server, not router

I hope that's enough info to get started helping me.

Here's my issue: I am trying to set up a VPN (first time). I was able to get it set up on the router, but my boss doesn't want it that way, so that is no longer an option. I installed ISA on the server and tried to set it up that way, but my clients can't connect. And whenever I enable the RRAS and MS ISA Server control services on the server, I lose my ability to access anything on the network or internet from the server and all attached workstations. So I've had to disable those.

I have a scenario walkthrough that I got from the ISA section of the MS website, and followed it to the letter, several times. I'm not sure where I'm going wrong, but any help would be appreciated.

TIA
Ap
TheCleaner

Try this walkthrough for ISA (I'll assume 2004):

http://www.msfirewall.org/isa2004kits.htm

Go there ^^ and get the VPN kit.  It has lots of docs and walkthroughs from start to finish.
cogentlogik

ASKER

Cleaner,
     I appreciated your response, and learned a lot looking over those documents. However, we have now decided to go away from ISA, and just use built-in RRAS to set up the VPN. I was able to get it working using PPTP, but I need to be able to use L2TP/IPSec. I have been playing with it for a bit, but can't get the VPN to connect when I change the setting to L2TP/IPSec. I get an error 792. I looked around the site, but didn't find anything that helped. Do I need to set my server up as a CA? How exactly do I do that? Do I need to change the IP Security Policies on the server and/or client? I could really use a pointer in the right direction.

TIA
Ap
yes, you'll need a CA (or at least an enterprise CA) to get it to work.

See my posts here:

https://www.experts-exchange.com/questions/21778511/Install-SSL-cert-on-server-2003-no-signing-required.html

It's basically the same process regardless...

Also
http://www.alt-tab.info/?p=7
http://www.alt-tab.info/?p=10
Cleaner,
    You're awesome. I got the CA running. Turns out that I had done it correctly. But on my client machine, I was logged on to the network with cached info. So I tried to connect again, and got the same error. At any rate, in this http://www.alt-tab.info/?p=10 link you posted, I was able to get up to step 4 with no trouble. But the next screen I get doesn't have the options listed in step five. Any idea why that is?
Those steps are only necessary if the machine isn't on the domain, otherwise it will auto-enroll.

What does it show?  Are there any options listed at all?
It shows a page that says "Advanced Certificate Request" at the top and has three fields:

Certificate Template - (With a drop-down box)
Key Options
Additional Options

Does any of that sound familiar?
Yeah, do the cert template and does it show anything in the drop down box?
Options in the drop-down are:
User
Basic EFS
Administrator
EFS Recovery Agent
Web Server
Subordinate Certification Authority
Ah...yeah the "alt-tab" website is a little off...see here:

http://www.isaserver.org/img/upl/vpnkitbeta2/webenrollenterprise.htm

Basically choose administrator, then continue on the steps...

Follow the link from isaserver.org starting with the phrase:

Requesting a Machine Certificate from the Enterprise CA Web Enrollment Site

 
Cleaner,

Hate to keep beating this issue up, but I followed those steps, successfully, and now, without having made any other changes, I'm getting a different error when trying to connect. It's error 678: The remote computer did not respond. I can connect with no problems if I change the connection type to PPTP. Any ideas?

TIA
Ap
Run the ISA monitor and set it for the rules for the VPN.  Then try and connect and see what the monitoring log shows.  Post it here and we'll figure it out.
Good Morning,

I can't do that, unless it's necessary. I uninstalled ISA. Every time I install it, I lose my internet connectivity. I know it blocks all traffic by default, but I don't have time or energy to configure the firewall. (unless I need to in order to get this working). Is there another path we can take? If not, I'll install ISA, and do as you instructed.

TIA
Ap
ASKER CERTIFIED SOLUTION
TheCleaner

Got it all resolved?
Somewhat.... I went away from all my original settings, Slicked the drive, and loaded SBS 2003 on it. Playing with that now, hoping that some of the dumbed-down, built-in features can help me get this up. Thanks for all your help.
:)  ok.