Set up VPN group through ISA 2006

bizzie247
I am trying to set up VPN through ISA 2006. I have the VPN group set up on the Win 2003 server. When I go to the ISA console > Virtual Private Networks > Enable VPN client access > Properties > Groups and then click on Add, the ISA server only shows itself. I cannot see the DC or anything else on the network. The server itself can browse the network, but while in the ISA console, ISA cannot see beyond itself. Beyond this issue, ISA seems to work fine in blocking, allowing, Remote Access to it, and even Exchange 2007.
Is there a step that I am missing in the ISA config? Thanks
Most Valuable Expert 2011
Commented:
You have to click on the Location button in the "Add" dialog and choose the Domain.
If you have no Domain listed, then ISA is not a domain member.
If ISA is not a domain member:
1. Uninstall ISA from the machine
2. Make the machine a Domain Member
3. Reinstall ISA on the machine and reconfigure
Open all protocols between ISA and DC.

Author

Commented:
I have re-installed ISA on the server with the same results. The ISA server was and is a Domain member.

What do you mean by: open all protocols between ISA and DC? How would I confirm this?

Also, when we look at 'Networks' in the ISA console it says that:

Local Host: No IP addresses are currently assigned to this network
VPN: No IP addresses are currently assigned to this network
Quarantined VPN Clients: No IP addresses are currently assigned to this network

Could this be the issue? How do I assign an IP address to this network?

Thanks for the suggestions thus far.
Most Valuable Expert 2011

Commented:
Are the TCP/IP specs of the ISA correct?
They cannot be done just any old way; they have to be handled a very specific way.
Internal NIC must be first in the binding order.
External NIC must have the DFG but have DNS blank.
Internal NIC must never have a DFG, but must have the DNS, and it must only be the AD/DNS and never anything else.
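
The gateway and DNS rules listed in the comment above can be checked mechanically against `ipconfig /all` output. The following is an added example, not part of the original thread: the adapter names, addresses and the AD/DNS address are constructed, and binding order is not checked because `ipconfig` does not report it.

```python
import re

# Constructed `ipconfig /all` excerpt (not from the thread); Internal breaks two rules.
SAMPLE = """\
Ethernet adapter Internal:

   IP Address. . . . . . . . . . . . : 10.0.0.2
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 10.0.0.10
                                       192.0.2.53

Ethernet adapter External:

   IP Address. . . . . . . . . . . . : 192.0.2.20
   Default Gateway . . . . . . . . . : 192.0.2.1
"""

def parse_adapters(text):
    """Return {adapter name: {field name: [values]}} from ipconfig /all text."""
    adapters, fields, key = {}, None, None
    for line in text.splitlines():
        head = re.match(r"^\S.*adapter (.+):$", line)
        field = re.match(r"^\s+([^.:]+?)[ .]*:\s*(.*)$", line)
        if head:
            fields, key = adapters.setdefault(head.group(1), {}), None
        elif field and fields is not None:
            key = field.group(1).strip()
            fields[key] = [field.group(2)] if field.group(2) else []
        elif line.strip() and key:
            fields[key].append(line.strip())  # continuation line, e.g. 2nd DNS server
    return adapters

def audit(adapters, internal, external, ad_dns):
    """Apply the gateway/DNS rules listed in the thread; return the violations."""
    ins, ext, out = adapters[internal], adapters[external], []
    if ins.get("Default Gateway"):
        out.append(f"{internal}: default gateway set ({ins['Default Gateway'][0]})")
    if not ins.get("DNS Servers"):
        out.append(f"{internal}: no DNS server configured")
    out += [f"{internal}: DNS server {d} is not the AD/DNS server"
            for d in ins.get("DNS Servers", []) if d not in ad_dns]
    if not ext.get("Default Gateway"):
        out.append(f"{external}: default gateway missing")
    if ext.get("DNS Servers"):
        out.append(f"{external}: DNS servers set, expected blank")
    return out

if __name__ == "__main__":
    for finding in audit(parse_adapters(SAMPLE), "Internal", "External", {"10.0.0.10"}):
        print(finding)
```
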

Author

Commented:
Yes, all settings that you have mentioned are correct.
Most Valuable Expert 2011

Commented:
Then you are going to have to show screen shots of what is not right.

Author

Commented:
See attached......
The first shot shows that the DC does not show up when I try to change locations so that I can add the AD group. The ISA server only shows it and I can change it. On this server (Windows 2003/Service Pack 1), I can browse the network and see all other computers and servers. I cannot see the network from the ISA console.

The second shot shows that there are no IP addresses assigned to the Local Host, VPN Clients, and Quarantined VPN Clients. I don't know if this is related and/or the reason that I can't see the DC from inside the console, but I thought it was strange and worth mentioning.

THANKS
Set-up-VPN-group-through-ISA-200.doc
Most Valuable Expert 2011
Commented:
I have never seen that look like that unless the ISA machine was not a Domain Member or the machine was not made a member before the ISA software was installed.
I don't know what to tell you about that. You could create an "allow everything" between "Internal, Localhost" and "Internal, Localhost" (no, that is not a typo). But if it works, then that only covers up the problem; it does not solve the underlying problem.
Those networks are not supposed to have IP#s associated with them.  There is nothing wrong with them.

Author

Commented:
I am going to have to go through Microsoft's (e-mail) fee-based support. I will let you know what resolved this issue. Thanks for the suggestions.

Author

Commented:
It seems that I had the ISA configured wrong when I asked for assistance and did not provide accurate information to the Experts within Experts Exchange. The VPN server was NOT the ISA server so I did not need to have VPN client access enabled.
Since our VPN server is on another machine (not the ISA server) that is behind the ISA server, I needed to create a non-webserver publishing rule to publish the VPN server.

Thanks for the time that you spent trying to help on this. LET ME KNOW WHAT TO DO WITH CLOSING THIS AND THE POINTS. If my information was correct, your suggestions would have solved the issue.
Most Valuable Expert 2011

Commented:
I don't know how to "close" any posts or how to handle that.  I have never asked questions here and have never had to deal with that.  All I have ever done is reply to questions.

Author

Commented:
Reinstalling, in part, was the solution.
