Pushpakumara Mahagamage
ISA 2006 outbound pptp
Dear experts,
I'm behind an ISA 2006 gateway. When I dial a VPN server from my Windows XP workstation over PPTP, I get the user name and password verification dialog box and then error 619: the port used for this connection was closed. PPTP outbound is open; which ports do I need to open to connect to the VPN? And how do I check that GRE is enabled on ISA 2006?
Thanks,
Pushpe
Should be the PPTP port 1723 but also IP protocol GRE. If you are using the predefined PPTP protocol in ISA Server then it will include all that you need.
Can you confirm whether you've tried it already with ISA, and if so whether you are having problems with the connection? Thanks.
GRE is IP Protocol 47, if you need to review it or create it. Note that this is an IP protocol number (like TCP, UDP, ICMP, AH, ESP) not a TCP or UDP port number.
The transparent pptp should suffice for the GRE.
ASKER
I allow all outbound traffic through ISA and created IP protocol 47 send and IP protocol 47 send receive protocol definitions too. But it gives the same error 619 for the remote PPTP server. If I connect the notebook directly to the ADSL router, then I can successfully connect to the remote PPTP VPN.
If I connect the same notebook through ISA it gives error 619.
I couldn't find another brand of ADSL router yet to test whether the router gives some error. I'll test it and tell you.
Thanks
Pushpe
Pushpe, how did you 'make' protocol 47? Protocol 47 is exactly that, it is NOT a tcp port number so you can't just make it....
ASKER
Yes, it's neither TCP nor UDP; I opened IP Level 47. I think that is GRE. I found the all outbound access rule doesn't allow GRE, DHCP (Request), so I created access rules for them too. Now PPTP initiates, GRE initiates, then PPTP closes, and the same VPN error 619 shows on the client computer.
Cheers,
Pushpe
Keith
It depends on your version of ISA; if you have 2004 or 2006, in the console view your firewall policies.
From the toolbox select Protocols and select New.
Give a suitable name such as GRE in/out; on the next screen select protocol type IP-Level and give it the number 47, allowing in the send receive direction.
Once created, you can create a policy to allow the protocol; this will enable the GRE protocol through the ISA server.
Update - I'm still waiting for Netgear to get back to me with regards to my VPN query.
ASKER
Yes, that's the way I created the protocol definition for IP Level 47. The ISA query gives output like this:
Log type: Firewall service
Status:
Rule: Unrestricted Internet access
Source: Internal (10.20.10.58:2685) my windows xp
Destination: External (60.241.10.10:1723) Remote RAS
Protocol: PPTP
User:
Additional information
Number of bytes sent: 516 Number of bytes received: 476
Processing time: 3078ms Original Client IP: 10.20.10.58
Client agent:
It seems it is still blocking GRE traffic. How should I create an access rule for GRE?
Log type: Firewall service
Status:
Rule: GRE
Source: External (60.241.10.10)
Destination: Local Host (192.168.1.2) (wan interface of ISA, DMZ)
Protocol: GRE send
User:
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 60.241.10.10
Client agent:
Thanks,
Pushpe
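The check done by eye on the log entries above, as an added example that is not part of the original thread: it pairs each PPTP control connection (TCP 1723) with the GRE (IP protocol 47) entries logged for the same server and reports whether any GRE data flowed. The sample log is constructed in the layout of the quoted entries, and the function names and status labels are assumptions made for this example.

```python
import re

# Constructed sample, in the "Key: value" layout of the ISA log entries quoted above.
SAMPLE_LOG = """\
Source: Internal (10.20.10.58:2685)
Destination: External (60.241.10.10:1723)
Protocol: PPTP
Number of bytes sent: 516 Number of bytes received: 476

Source: External (60.241.10.10)
Destination: Local Host (192.168.1.2)
Protocol: GRE send
Number of bytes sent: 0 Number of bytes received: 0
"""

ENDPOINT = re.compile(r"\s*(.+?) \((\d+(?:\.\d+){3})(?::(\d+))?\)")
BYTES = re.compile(r"Number of bytes sent: (\d+) Number of bytes received: (\d+)")

def parse_entries(text):
    """Return one dict per blank-line-separated log entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {"bytes": 0}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            if (counts := BYTES.search(line)):
                entry["bytes"] = int(counts.group(1)) + int(counts.group(2))
            elif key in ("Source", "Destination") and (m := ENDPOINT.match(value)):
                entry[key] = (m.group(1), m.group(2), m.group(3))  # (network, IP, port)
            elif key == "Protocol":
                entry[key] = value.strip()
        entries.append(entry)
    return entries

def diagnose(entries):
    """For each PPTP control session (TCP 1723), summarise GRE logged for that server."""
    findings = []
    for e in entries:
        dst = e.get("Destination")
        if not dst or dst[2] != "1723":
            continue
        gre = [g for g in entries if g.get("Protocol", "").startswith("GRE")
               and dst[1] in (g.get("Source", ("", ""))[1], g.get("Destination", ("", ""))[1])]
        gre_bytes = sum(g["bytes"] for g in gre)
        status = "ok" if gre_bytes else ("gre-no-data" if gre else "gre-missing")
        findings.append({"server": dst[1], "control_bytes": e["bytes"],
                         "gre_entries": len(gre), "gre_bytes": gre_bytes, "status": status})
    return findings
```

On the sample, `diagnose(parse_entries(SAMPLE_LOG))` reports `gre-no-data`: the TCP 1723 session exchanged bytes, but the only GRE entry for that server carried none.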
ASKER
I will install another ISA 2000 box for outbound PPTP. And I'll post if I find a solution for ISA 2006 for Andre. Everything is working fine on my ISA 2006 except PPTP outbound. VPN PPTP inbound is also working fine.
Thanks for your help.
You're welcome for the help. Sorry we didn't get it sorted for you on 2006 :(
ASKER
Hi
Problem identified. It's not only an ISA 2006 Enterprise issue. That ISA box works fine with another DSL router with just the PPTP outbound rule. You don't have to bother with GRE or any other protocol to make PPTP outbound work. And that US Robotics router and another 2 of the same US Robotics routers pass PPTP traffic through firewalls such as ISA 2000 and Linux iptables, but not with ISA 2006 EE.
Pushpakumara
:) thanks for the update
ASKER
Should I open ports other than PPTP to establish a VPN connection?
Thanks,
Pushpe