VPN - "Error 628: The connection was terminated by the remote computer....."

We have a Small Business Server 2003 Premium Edition that had chronic  "Error 800: Unable to establish connection" errors every time we tried to establish a PPTP VPN connection.   This KB article seemed to describe the problem quite well and the patch here was applied: http://support.microsoft.com/?kbid=948496

However, now we have a different error - "Error 628: The connection was terminated by the remote computer before it could be completed.  For furhter assistance, click More Info or search Help and Support Center for this error number".   This is actually an issue with both incoming and outgoing VPN but right now we're only worried about outgoing VPN.

We've ruled out the modem - it's been replaced by one that definitely does do PPTP / GRE passthrough.  A laptop plugged directly into this modem can VPN out and can be VPN'd into.
The rules on the ISA server have a temporary rule to allow all traffic from and to all networks.
We're running out of ideas....

WAN Interface on server:

 IP Address. . . . . . . . . . . . :
 Subnet Mask . . . . . . . . . . . :
 Default Gateway . . . . . . . . . :
 DNS Servers . . . . . . . . . . . :
 Primary WINS Server . . . . . . . :

LAN Interface on server (highest in search order):

 IP Address. . . . . . . . . . . . :
 Subnet Mask . . . . . . . . . . . :
 Default Gateway . . . . . . . . . :
 DNS Servers . . . . . . . . . . . :
 Primary WINS Server . . . . . . . :

Can anybody hep?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Keith AlabasterEnterprise ArchitectCommented:
Have you re-run the ceicw?
Have you applied the sbs2003 sp1 and upgraded ISA to 2004?
Have you applied the ISA 2004 sp3?
nwteamAuthor Commented:
Yep - done all of that.  ISA2004 SP3, SBS 2003 SP1 and then SP2 put on top of that.

Keith AlabasterEnterprise ArchitectCommented:
So what do you see in the realtime log on ISA when a connection attempt is made?
OWASP: Threats Fundamentals

Learn the top ten threats that are present in modern web-application development and how to protect your business from them.

nwteamAuthor Commented:
Only 3 lines per attempt.....

Destination IP, Destination Port, Protocol, Action, Client IP

x.x.x.x, 1723, PPTP, Initiated Connection,
x.x.x.x, 0, PPTP, Initiated Connection,
x.x.x.x, 1723, PPTP, Closed Connection,
I have the same problem. This happens when you try to connect to a vpn from behind ISA.
nwteamAuthor Commented:
It was the modem afterall.  While having the PPTP pass through ability, it seems certain Linksys modems that have VPN features built in do not function well behind ISA where VPN is concerned.  So basically what I'd done to try fix the problem complicated it.  I would have been better applying the patch and keeping the original modem!  
Use RRAS instead
PAQed with points refunded (500)

EE Admin

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.