Solved

pptp vpn clients are not able to open shared network drives on ISA server

Posted on 2009-05-04
Last Modified: 2012-05-06
Hi, we have the following:
LAN---ISA SERVER---LINKSYS RV042---INTERNET
We connect using PPTP VPN to the LINKSYS RV042, and from there we would like to run some SQL applications and also see some shared network drives on that ISA server. We created a rule on the ISA to allow access from the VPN clients into it; the rule was defined to treat the VPN client network as a trusted network, so all IP protocols (TCP and UDP) come in and go out from and to the VPN clients. However, we can run any application on any port except for the networking shared drives. Is there anything we can configure on that ISA so we can go to Run and type \\172.16.1.1 (actual IP address of the ISA SERVER WAN interface) and then see the shared drives? By default ISA does not allow Windows networking on its WAN unless you define the source IP as trusted, is what we thought, but it is still not working. Topology change suggestions are welcome; however, we were unable to find a way to forward the ESP protocol to an inbound host on this Linksys RV042. Thanks.
Question by:wirlan
LVL 35

Expert Comment

by:Bembi
ID: 24305944
If you use the router in front of ISA to establish VPN connections, ISA is not aware of the fact that this should be an internal user.

I would recommend using ISA as the VPN server. You can arrange that by setting your router to VPN pass through (or by opening the associated ports, if there is no such setting). In that case, your VPN client is handled by ISA and therefore handled by the VPN client rules. As the client is on the internal network in that case, you can get full access to any internal resources.



Author Comment

by:wirlan
ID: 24306998
I understand the suggestion, however I couldn't find the way to port forward the 1753 port and the ESP protocol. Linksys only allows port forwarding on TCP and UDP ports; it won't do forwarding for the ESP protocol itself, so that is why the PPTP VPNs are connecting to the router... We want to keep the router in front of the ISA server for security purposes. Thanks for the reply!

Author Comment

by:wirlan
ID: 24307183
Correction. GRE protocol I meant. NOT ESP. thanks
LVL 35

Accepted Solution

by:
Bembi earned 500 total points
ID: 24307515
ISA is a fully featured firewall solution. There is no reason to protect ISA itself (if set up correctly). Most routers have a (simple) firewall included. Your RV042 is not the cheapest one, so I would assume that it provides what is needed.

Most routers (also the cheap ones) provide a setting which is called VPN pass through. This opens all ports (mostly for PPP or IPSEC / L2TP). You can do this also by hand, of course. Whether this also includes ESP depends on the router itself.

ESP is IP protocol number 50.
So you may have a look where you can enable this within your router. As this is on IP level, not on TCP level, it has nothing to do with port forwarding (which is on TCP level). Port forwarding for TCP ports is protocol type 6.

You may find either some direct configuration options for IP based protocols, or you may have to change the default firewall filters. Most routers are preset to allow everything outgoing and nothing incoming. And this may also block all kinds of protocol types, with the exception of the basic TCP / UDP protocol types, which are controlled by port forwarding.

Have a look here at what I found about Linksys:
http://www.astaro.org/astaro-gateway-products/vpn-site-site-remote-access/3497-open-port-ike-phase-2-a.html

The advantage of passing VPN through the router is that you have better control of your VPN clients using ISA. Otherwise you would have to drill some holes into the ISA. ISA directly supports all kinds of VPN clients and authentication types, including certificates and so on. Your client is inside the network. If the VPN connection ends at your router, you have to explicitly open all needed services one by one through ISA, as your client is outside the network.
LVL 35

Assisted Solution

by:Bembi
Bembi earned 500 total points
ID: 24307569
OK, GRE is usually a Cisco issue. Mostly in combination with Cisco firmware and MS VPN clients as well as servers.

GRE is protocol type 47

Have a look here, if this helps:
http://forums.linksys.com/linksys/board/message?board.id=Wireless_Routers&message.id=112185
0
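Added example (not part of the thread and not any poster's code): a small Python model of the point made in the two answers above, that GRE (47) and ESP (50) are IP protocols with no port field, so a TCP/UDP port-forward rule can never match them and only a protocol-level passthrough lets them in. The packets are constructed, the router model and its function names are hypothetical, and TCP 1723 is the standard PPTP control port.

```python
import struct

# IP protocol numbers named in the thread (IANA-assigned values).
TCP, UDP, GRE, ESP = 6, 17, 47, 50
ISA_WAN = "172.16.1.1"  # ISA server WAN address quoted in the question

def ipv4(proto, payload):
    """Constructed 20-byte IPv4 header (checksum left at 0) plus payload."""
    src, dst = bytes([203, 0, 113, 10]), bytes([198, 51, 100, 1])  # documentation ranges
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload

def classify(packet):
    """Return (protocol number, destination port or None if the protocol has no ports)."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a valid IPv4 packet")
    proto = packet[9]
    if proto in (TCP, UDP) and len(packet) >= ihl + 4:
        return proto, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return proto, None

def router_decision(packet, port_forwards, passthrough):
    """Hypothetical NAT router: port forwards match (proto, port); passthrough matches proto."""
    proto, dport = classify(packet)
    if dport is not None:
        target = port_forwards.get((proto, dport))
        return f"forward to {target}" if target else "drop"
    return f"pass through to {ISA_WAN}" if proto in passthrough else "drop"

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "pptp-control": ipv4(TCP, struct.pack("!HH", 40000, 1723)),
    "pptp-data-gre": ipv4(GRE, bytes.fromhex("3001880b")),
    "ipsec-esp": ipv4(ESP, bytes(8)),
}

def run(port_forwards, passthrough=()):
    """Decide every sample packet under the given router configuration."""
    return {name: router_decision(p, port_forwards, passthrough)
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    # A "port 47" forward is still a TCP rule, so it never matches GRE.
    print(run({(TCP, 1723): ISA_WAN, (TCP, 47): ISA_WAN}))
    print(run({(TCP, 1723): ISA_WAN}, passthrough={GRE, ESP}))
```

With only port forwards configured, the PPTP control connection reaches ISA but the GRE data channel is dropped, which is why the tunnel cannot terminate on ISA until the router passes protocol 47 itself.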
 

Author Closing Comment

by:wirlan
ID: 31577866
thank you guys