ISA 2004 - W2k3  .....VPN will not work.......at all

Posted on 2006-04-28
Medium Priority
Last Modified: 2013-11-16
Hi Guys,

VPN with Radius authentication

Quick question :

1.  When configuring ISA VPN shouldn't RRAS get enabled and configured automatically by ISA.  If so, then this is my problem.  My RRAS doesn't appear to get enabled/configured.  Tried re-installing ISA, even the whole 2003 server due to a corrupt ghost image.  Still the same issue.

Have notice a couple of errors in the event log :

 a)  MSSQL$MSFW  Event id 19011   ....something about not enough registry info or use /AUXSOURCE=flag message dll.  - (Basically the SQL icon in the task bar is blank ie. no server/configuration details).  Thought this was something to do with logging, so have dismissed it as the cause of VPN not working.

b)  Got another error about how the NETWORK SERVICE account could not access/write to  the HKLM/system/current/service/remoteaccess/paramenters/IP section of the registry.  Fixed this by giving it the correct permissons.

Have re-installed, with different combinations(Reg edit then install, enable RRAS then install etc...) with the same results above.  Server is 2003 sp1 ISA 2004 sp1

I am positve that I have set it up properly (Radius, remote access policies  etc...)  In logging, can see the PTPP request coming in and it hitting the correct system rule - lafter a wee while looks as though it timesout and closes the connection.  Get 721 no respond at the client after it tries to authenticate the username/password.  Have tried basic VPN using RRAS for authentication.  Same problem.

Convinced its RRAS.

Anyone any ideas?



Question by:ianmclachlan
  • 3
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16564559
Have you actually enabled the vpn within ISA?
Have you created the rules allowing VPN client --> Internal etc?
Are your users getting prompted for a username/password or is the timeout before this point?
Is your external router/firewall allowing GRE traffic to pass?
If you setup an IPSEC VPN instead, does this work OK?
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16591665
Any update?

Author Comment

ID: 16594151
Hi Keth,

Thanks for your reply.

I have enabled the VPN
The VPN system rule is automatically created when you enable VPN and I have checked its there and confirgured properly VPN Client (external going to internal) etc....
Router allows GRE traffic to pass
Not tried an IPSEC VPN yet, however, what was your thinking about why this would work?

Any help would be appreciated.



LVL 51

Accepted Solution

Keith Alabaster earned 2000 total points
ID: 16599883
Wasn't sure what your ouside router/firewall was. Some do not let gre traffic through; might have been your issue. Now that you have confirmed GRE passes, Its a rethink.

I have never had any error messages when installing ISA2000, 2004 or 2006. To be honest, they would be concerning me before I started. If you disable the RADIUS requirement within the VPN config, does RRAS start OK? Enabling the client kicks RRAS into life normally.

The 19011 error is generally seen when something has gone pear-shaped with the auditing configuration. It will be an SQL/MSDE error but can be caused on non-domain based servers.

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses
Course of the Month17 days, 11 hours left to enroll

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question