PPTP VPN clients are not able to open shared network drives on ISA server

Hi, we have the following:
LAN---ISA SERVER---LINKSYS RV042---INTERNET
We connect using PPTP VPN to the LINKSYS RV042 and from there we would like to run some SQL applications and also see some shared network drives on that ISA server. We created a rule on the ISA to allow access from the VPN clients into it. The rule was defined to treat the VPN client network as a trusted network, so all IP protocols (TCP and UDP) come in and go out from and to the VPN clients; however, we can run any application on any port except for the networking shared drives. Is there anything we can configure on that ISA so we can go to Run and type \\172.16.1.1 (actual IP address of the ISA SERVER WAN interface) and then see the shared drives? By default ISA does not allow Windows networking on its WAN unless you define the source IP as trusted, is what we thought, but it is still not working. TOPOLOGY change suggestions are welcome; however, we were unable to find a way to forward the ESP protocol to an inbound host on this Linksys RV042. Thanks.
wirlan Asked:
 
Bembi (CEO) Commented:
ISA is a fully featured firewall solution. There is no reason to protect ISA itself (if set up correctly). Most routers have a (simple) firewall included. Your RV042 is not the cheapest one, so I would assume that it provides what is needed.

Most routers (also the cheap ones) provide a setting called VPN pass-through. This opens all ports (mostly for PPP or IPSEC / L2TP). You can also do this by hand, of course. Whether this also includes ESP depends on the router itself.

ESP is IP protocol number 50.
So you may have a look at where you can enable this within your router. As this is on IP level, not on TCP level, it has nothing to do with port forwarding (which is on TCP level). Port forwarding for TCP ports is protocol type 6.

You may find either some direct configuration options for IP-based protocols, or you may have to change the default firewall filters. Most routers are preset to allow everything outgoing and nothing incoming. And this may also block all kinds of protocol types, with the exception of the basic TCP / UDP protocol types, which are controlled by port forwarding.

Have a look here at what I found about Linksys:
http://www.astaro.org/astaro-gateway-products/vpn-site-site-remote-access/3497-open-port-ike-phase-2-a.html

The advantage of passing VPN through the router is that you have better control over your VPN clients using ISA. Otherwise you would have to drill some holes into the ISA. ISA directly supports all kinds of VPN clients and authentication types, including certificates and so on. Your client is inside the network. If the VPN connection ends at your router, you have to explicitly open all needed services one by one through ISA, as your client is outside the network.
 
Bembi (CEO) Commented:
If you use the router in front of ISA to establish VPN connections, ISA is not aware of the fact that this should be an internal user.

I would recommend using ISA as the VPN server. You can arrange that by setting your router to VPN pass-through (or by opening the associated ports, if there is no such setting). In that case, your VPN client is handled by ISA and therefore handled by the VPN client rules. As the client is on the internal network in that case, you can get full access to any internal resources.


 
wirlan (Author) Commented:
I understand the suggestion; however, I couldn't find the way to port forward the 1753 port and the ESP protocol. Linksys only allows port forwarding on TCP and UDP ports; it won't do forwarding for the ESP protocol itself, so that is why the PPTP VPNs are connecting to the router... We want to keep the router in front of the ISA server for security purposes. Thanks for the reply!
 
wirlan (Author) Commented:
Correction. GRE protocol I meant. NOT ESP. thanks
 
Bembi (CEO) Commented:
OK, GRE is usually a Cisco issue. Mostly in combination with Cisco firmware and MS VPN clients as well as servers.

GRE is protocol type 47

Have a look here, if this helps:
http://forums.linksys.com/linksys/board/message?board.id=Wireless_Routers&message.id=112185
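
The protocol numbers discussed in this thread, as an added example that is not part of any participant's post: a small Python parser reads the IPv4 protocol field of constructed sample packets and shows why a TCP/UDP-only port-forward table can match PPTP's control channel (TCP 1723, per RFC 2637) but never its GRE data channel or ESP. The function names, the rule table and the 203.0.113.10 source address are assumptions made for illustration.

```python
import socket
import struct

# IP protocol numbers: 6, 47 and 50 are quoted in the thread; 17 (UDP) added.
PROTO_NAMES = {6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP"}
PORT_BASED = {6, 17}  # only TCP and UDP headers start with src/dst ports


def build_ipv4(proto, payload, src="203.0.113.10", dst="172.16.1.1"):
    """Constructed sample packet: 20-byte IPv4 header (checksum 0) + payload."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload),   # version 4 / IHL 5, TOS, total length
        0, 0,                         # identification, flags + fragment offset
        64, proto, 0,                 # TTL, protocol, checksum (not computed)
        socket.inet_aton(src), socket.inet_aton(dst),
    )
    return header + payload


def classify(packet, port_forwards):
    """Say how a TCP/UDP-only port-forward table would treat an inbound packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[0] & 0x0F < 5:
        return ("invalid", None, None)
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    proto = packet[9]                     # IPv4 protocol field
    name = PROTO_NAMES.get(proto, f"proto-{proto}")
    if proto not in PORT_BASED:
        # No port field exists, so no port-forward rule can ever match.
        return ("needs-protocol-passthrough", name, None)
    if len(packet) < ihl + 4:
        return ("invalid", name, None)
    dport = struct.unpack_from("!H", packet, ihl + 2)[0]
    verdict = "forwarded" if (name, dport) in port_forwards else "no-rule"
    return (verdict, name, dport)


# Constructed traffic for one PPTP session plus an IPsec ESP packet.
TCP_1723 = struct.pack("!HH", 49152, 1723) + bytes(16)    # PPTP control channel
GRE_DATA = struct.pack("!HH", 0x3001, 0x880B) + bytes(8)  # enhanced GRE, PPP
ESP_DATA = struct.pack("!II", 0x1000, 1) + bytes(16)      # SPI, sequence number
SAMPLES = {
    "pptp-control": build_ipv4(6, TCP_1723),
    "pptp-data": build_ipv4(47, GRE_DATA),
    "ipsec-esp": build_ipv4(50, ESP_DATA),
}

if __name__ == "__main__":
    rules = {("TCP", 1723)}  # the only PPTP-related rule a port table can hold
    for label, pkt in SAMPLES.items():
        print(label, classify(pkt, rules))
```
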
 
wirlan (Author) Commented:
thank you guys
Question has a verified solution.