Solved

ISA site to site vpn pptp

Posted on 2008-10-11
8
1,509 Views
Last Modified: 2012-05-05
Hello everyone,

I have 2 sites with ISA 2006 servers in both locations.
I have setup a site to site vpn (pptp) between the 2 ISAs
following the instructions given on online tutorials eg. http://www.isaserver.org/tutorials/Creating-VPN-ISA-Server-2006-Firewalls-Main-Branch-Office-Part1html.html

However, the site to site vpn is not being established.

I have verified that the local user accounts used in connecting the the ISAs
are correct.

The error I get has no event id, :
"The connection was terminated by the remote computer before it could be completed."

From a remote client I can access the vpn in either of the 2 sites, so I
know the remote access vpn is working on both.

The logging in ISA shows the PPTP connection being allowed and initiated but closed a second later.
0
Comment
Question by:anarine
  • 5
  • 3
8 Comments
 
LVL 11

Expert Comment

by:EricTViking
ID: 22697343
The first thing to check is that you have setup the user accounts for each connection to have *exactly* the same name as the name of each connection.  I went round in circles a few months back myself because the accoutn name as "MainSite" and the VPN rule was called "Main Site" - the extra space prevented the VPN connecting.

Also double, triple check your passwords are correctly entered on your accounts and VPN links.

You can monitor the status of your VPN connection in Administrative Tools -> Routing and Remote Access. This can be useful for manually connecting your VPN interfaces. Don't make any changes here though as ISA will overwrite them - always make your changes through ISA.
0
 

Author Comment

by:anarine
ID: 22697521
The user accounts are correct, I uninstalled ISA and did a manual connection from RRAS using the same user account. It worked.
The problem I beleive is that I cannot connect to the remote vpn from behind the ISA.
What else can I try ?
0
 

Author Comment

by:anarine
ID: 22697537
Neither can I connect to the remote VPN from the ISA box itself. I created a client  vpn connection from control panel/network connecions on the local ISA server. When I try to connect, I get the same error
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22697600
With RRAS what I was saying is that when you setup your VPN in ISA, you can see the interfaces it creates in RRAS. You can then manually initiate a connection via the RRAS (Routing and Remote Access) MMC, but you're using an interface that was created by ISA.

You may want to check your firewall rules, but bear in mind that if your connecting from the ISA box you are on the 'localhost' whereas if your connecting from a client your on 'internal'.

Have you checked your Windows event logs to see what is being logged when the VPN fails?
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:anarine
ID: 22697982
My situation is the exact problem that these people are having:
http://forums.isaserver.org/m_300118800/mpage_1/key_/tm.htm#2002046583
 
The problem I beleive is that I cannot connect to the remote vpn from behind the ISA.
I can connect successfully to the vpn from an xp workstation what does not go through the ISA.
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22698671
I am confused.

Your original question was about problems with a site to site VPN link, but the link you posted seems to imply problems between xp client to isa server VPN connections.

Which scenario are you trying to troubleshoot?
0
 

Author Comment

by:anarine
ID: 22699778
Ok I will explain. I beleive the reason why the site to site vpn is not established  is because the vpn connection cannot be made from behind the ISA server.
The link I provided shows people who have the same issue, that is, the vpn can only be established when the ISA server is bypassed.
If I am on an xp machine that is behind the ISA server I cannot establish the Vpn. If however, I connect the same xp computer directly to the router I can connect to the vpn on the remote side.
The link shows that the problem may lie with the DSL modem, that may need a firmware upgrade. What could be causing this ?
0
 

Accepted Solution

by:
anarine earned 0 total points
ID: 22719558
I have implemented RRAS, and removed the ISA server. The VPN connection was established.
The ISA server I beleive is not working well with the DSL modem
 
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now