Pushpakumara Mahagamage asked:

ISA 2006 outbound pptp

Dear experts,
I'm behind an ISA 2006 gateway. When I dial the VPN server from my Windows XP workstation over PPTP, I get the user name and password verification dialog box and then error 619: port used for this connection was closed. PPTP outbound is open. Which ports do I need to open to connect to the VPN? And how do I check that GRE is enabled on ISA 2006?

Thanks,
Pushpe
ASKER CERTIFIED SOLUTION
SteveH_UK

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
Keith Alabaster

This solution is only available to members.
Pushpakumara Mahagamage (ASKER)

Yes, PPTP is open as in http://support.microsoft.com/?scid=kb;en-us;838245. I can telnet VPNSERVER 1723. I'm going to connect to a Windows 2000 RAS. If I bypass ISA I can connect to that VPN. My ISA 2006 runs on Windows 2003 R2 Enterprise Edition.

Should I open ports other than PPTP to establish a VPN connection?

Thanks,

Pushpe
Should be the PPTP port 1723 but also IP protocol GRE. If you are using the predefined PPTP protocol in ISA Server then it will include all that you need.

Can you confirm whether you've tried it already with ISA, and if so whether you are having problems with the connection?  Thanks.
GRE is IP Protocol 47, if you need to review it or create it.  Note that this is an IP protocol number (like TCP, UDP, ICMP, AH, ESP) not a TCP or UDP port number.
The transparent pptp should suffice for the GRE.
SOLUTION
This solution is only available to members.
I allow all outbound traffic through ISA and created IP protocol 47 send and IP protocol 47 send/receive protocol definitions too. But it gives the same error 619 for the remote PPTP server. If I connect the notebook directly to the ADSL router, then I can successfully connect to the remote PPTP VPN.
If I connect the same notebook through ISA it gives error 619.
I couldn't find another brand of ADSL router yet to test whether the router gives some error. I'll test it and tell you.

Thanks

Pushpe
SOLUTION
This solution is only available to members.
Pushpe, how did you 'make' protocol 47? Protocol 47 is exactly that, it is NOT a TCP port number so you can't just make it....
Yes, it's neither TCP nor UDP; I opened IP Level 47. I think that is GRE. I found that the all outbound access rule doesn't allow GRE and DHCP (Request), so I created an access rule for them too. Now PPTP initiates, GRE initiates, then PPTP closes, and the same VPN error 619 shows on the client computer.

Cheers,

Pushpe
 
Keith
It depends on your version of ISA. If you have 2004 or 2006, view your firewall policies in the console.
From the toolbox select Protocols and select New.
Give it a suitable name such as GRE in/out; on the next screen select protocol type IP-Level and give it the number 47, allowing it in the send/receive direction.
Once created, you can create a policy to allow the protocol. This will enable the GRE protocol through the ISA server.

Update - I'm still waiting for Netgear to get back to me with regards to my VPN query.
Yes, that's the way I created the protocol definition for IP Level 47. The ISA query gives output like this:

Log type: Firewall service
Status:  
Rule: Unrestricted Internet access
Source: Internal (10.20.10.58:2685)  my Windows XP
Destination: External (60.241.10.10:1723)  Remote RAS
Protocol: PPTP
User:  
 Additional information
Number of bytes sent: 516 Number of bytes received: 476
Processing time: 3078ms Original Client IP: 10.20.10.58
Client agent:
 
It seems it is still blocking GRE traffic. How should I create an access rule for GRE?

Log type: Firewall service
Status:
Rule: GRE
Source: External (60.241.10.10)
Destination: Local Host (192.168.1.2) (wan interface of ISA, DMZ)
Protocol: GRE send      
User:       
 Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 60.241.10.10
Client agent:

Thanks,

Pushpe
I will install another ISA 2000 box for outbound PPTP. And I'll post if I find a solution for ISA 2006 for Andre. Everything is working fine on my ISA 2006 except PPTP outbound. VPN PPTP inbound is also working fine.

Thanks for your help.
You're welcome for the help.  Sorry we didn't get it sorted for you on 2006 :(
Hi
Problem identified. It's not only an ISA 2006 Enterprise issue. That ISA box works fine with another DSL router with just a PPTP outbound rule. You don't have to bother with GRE or any other protocol for PPTP outbound to work. And that US Robotics router and another 2 of the same US Robotics routers pass PPTP traffic through firewalls such as ISA 2000 and Linux iptables, but not with ISA 2006 EE.

Pushpakumara
:)  thanks for the update
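
The symptom in this thread (telnet to 1723 succeeds, the dial-up still ends in error 619) is what a path that passes the TCP control channel but drops GRE looks like. As an added example, not code from any poster, this Python sketch classifies raw IPv4 packets from a capture and reports which leg of the PPTP session is missing. It assumes the capture is taken on the client, so the client address is untranslated; the packets are constructed samples that reuse the addresses from the log excerpt above.

```python
import struct

PPTP_PORT, TCP, GRE, GRE_PPP = 1723, 6, 47, 0x880B  # 47 is an IP protocol number, not a port

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed sample."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, addr(src), addr(dst)) + payload

def classify(pkt):
    """Return 'control', 'gre' or None for one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    body = pkt[(pkt[0] & 0x0F) * 4:]
    if pkt[9] == TCP and len(body) >= 4:
        return "control" if PPTP_PORT in struct.unpack("!HH", body[:4]) else None
    if pkt[9] == GRE and len(body) >= 8:
        flags, ptype = struct.unpack("!HH", body[:4])
        # PPTP uses enhanced GRE: version 1, payload type 0x880B (PPP), RFC 2637
        if flags & 0x0007 == 1 and ptype == GRE_PPP:
            return "gre"
    return None

def diagnose(packets, client_ip):
    """Report which legs of a PPTP session appear in a client-side capture."""
    seen = set()
    for pkt in packets:
        kind = classify(pkt)
        if kind:
            src = ".".join(str(b) for b in pkt[12:16])
            seen.add((kind, "out" if src == client_ip else "in"))
    if ("control", "in") not in seen:
        return "no reply on TCP 1723"
    if ("gre", "out") not in seen:
        return "control channel up, client sent no GRE"
    if ("gre", "in") not in seen:
        return "control channel up, GRE leaves but none returns"
    return "control channel and GRE pass in both directions"

# Constructed sample: addresses taken from the log excerpt in the thread.
CLIENT, SERVER = "10.20.10.58", "60.241.10.10"
ctl_out = ipv4(CLIENT, SERVER, TCP, struct.pack("!HH", 2685, PPTP_PORT) + bytes(16))
ctl_in = ipv4(SERVER, CLIENT, TCP, struct.pack("!HH", PPTP_PORT, 2685) + bytes(16))
gre_out = ipv4(CLIENT, SERVER, GRE, struct.pack("!HHHHI", 0x3001, GRE_PPP, 0, 1, 0))
gre_in = ipv4(SERVER, CLIENT, GRE, struct.pack("!HHHHI", 0x3001, GRE_PPP, 0, 1, 0))
BROKEN = [ctl_out, ctl_in, gre_out]           # telnet to 1723 works, tunnel fails
WORKING = BROKEN + [gre_in]

if __name__ == "__main__":
    print(diagnose(BROKEN, CLIENT))
    print(diagnose(WORKING, CLIENT))
```

A TCP packet addressed to port 47 is not matched as GRE by `classify`, which is the distinction between an IP protocol number and a port number made earlier in the thread.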