ISA 2004 - W2k3  .....VPN will not all

Posted on 2006-04-28
Last Modified: 2013-11-16
Hi Guys,

VPN with Radius authentication

Quick question :

1. When configuring ISA VPN, shouldn't RRAS get enabled and configured automatically by ISA? If so, then this is my problem. My RRAS doesn't appear to get enabled/configured. Tried re-installing ISA, even the whole 2003 server due to a corrupt ghost image. Still the same issue.

Have noticed a couple of errors in the event log:

a) MSSQL$MSFW Event ID 19011 .... something about not enough registry info or use /AUXSOURCE=flag message dll. (Basically the SQL icon in the task bar is blank, i.e. no server/configuration details.) Thought this was something to do with logging, so have dismissed it as the cause of VPN not working.

b) Got another error about how the NETWORK SERVICE account could not access/write to the HKLM/system/current/service/remoteaccess/parameters/IP section of the registry. Fixed this by giving it the correct permissions.

Have re-installed with different combinations (reg edit then install, enable RRAS then install, etc.) with the same results above. Server is 2003 SP1, ISA 2004 SP1.

I am positive that I have set it up properly (RADIUS, remote access policies, etc.). In logging, I can see the PPTP request coming in and hitting the correct system rule; after a wee while it looks as though it times out and closes the connection. Get 721 no response at the client after it tries to authenticate the username/password. Have tried basic VPN using RRAS for authentication. Same problem.

Convinced it's RRAS.

Anyone any ideas?



Question by:ianmclachlan

    Expert Comment

    by:Keith Alabaster
    Have you actually enabled the VPN within ISA?
    Have you created the rules allowing VPN client --> Internal etc?
    Are your users getting prompted for a username/password or is the timeout before this point?
    Is your external router/firewall allowing GRE traffic to pass?
    If you set up an IPSEC VPN instead, does this work OK?

    Expert Comment

    by:Keith Alabaster
    Any update?

    Author Comment

    Hi Keith,

    Thanks for your reply.

    I have enabled the VPN.
    The VPN system rule is automatically created when you enable VPN, and I have checked it's there and configured properly (VPN Client, external going to internal, etc.).
    Router allows GRE traffic to pass.
    Not tried an IPSEC VPN yet; however, what was your thinking about why this would work?

    Any help would be appreciated.




    Accepted Solution

    Wasn't sure what your outside router/firewall was. Some do not let GRE traffic through; might have been your issue. Now that you have confirmed GRE passes, it's a rethink.

    I have never had any error messages when installing ISA2000, 2004 or 2006. To be honest, they would be concerning me before I started. If you disable the RADIUS requirement within the VPN config, does RRAS start OK? Enabling the client kicks RRAS into life normally.

    The 19011 error is generally seen when something has gone pear-shaped with the auditing configuration. It will be an SQL/MSDE error but can be caused on non-domain based servers.
