Hi, I've configured my Win 2003 platform on separate servers as shown step by step below, and I hope someone could spend a little time confirming my steps are good, as I'm now aware this 'VPN lark' can be time consuming. I was hoping someone could see where I am going wrong: I've created a VPN via my Windows 7 laptop (firewall currently turned off) and cannot ping my ISA2006 external NIC, and I'm not sure where on my Netgear router VMDG280 to allow ICMP (although I've added DNS/HTTP). Either way, I still cannot log on as a VPN client!
It's taken me around 2 weeks to get to this stage!
- master DC/DNS/DHCP - static address: 10.0.0.x/24
- host XP PC - static address: 10.0.0.x/24
- ISA2006 internal NIC1 (member server): static address 192.168.100.2/24 - static route added to point to my int fa0/0 3600 router (no other configurations on this router)
- int fa0/1 3600 - static route added pointing back to ISA2006 internal NIC1
- ISA2006 external NIC2: dynamic 192.168.0.3/24 via my Netgear router box, connected via coaxial cable to the internet (my Netgear box allows everything, as only default settings are set at this time)
Note: my ISA2006 Windows 2003 platform is configured for IAS/RADIUS using a 'shared secret key', and the VPN client & remote access policy is already in place.
Note: all servers/host PC are logged onto the domain successfully and receive internet access via ISA2006 as per the 'firewall policies' I've added: DNS/HTTP/HTTPS/DHCP request/reply.
- created an 'OU'
- created & linked a GPO successfully
- created user account & tested logon to domain successfully
- accessed same user account & selected properties for: 'store password using reversible encryption'
- selected user account & also ticked 'control access through remote access policy' (IAS/RADIUS deals with this; NPS is part of Win 2008, not Win 2003)
ISA2006 'configure VPN client access' - I've followed each step below:
step 1 - selected DHCP & enabled VPN client access
step 2 - specify Windows users - successfully added 'domain users' in group
step 2 - RADIUS server - I did not select this as I've already installed and configured IAS/RADIUS
step 3 - I've selected 'verify VPN properties' & selected both PPTP & L2TP for now
step 3 - I've also selected remote access server & ticked boxes:
- all networks (& local host)
- all protected networks - I did not tick this box!
step 4 - I've selected view firewall policy for the VPN clients network, as I've already added the below, & was prompted to install the 'DHCP relay agent', which I have added via 'RRAS'
- name: vpn remote users
- action: allow
- protocols: all outbound traffic
- from/listener: vpn clients
- to: internal/local hosts
- condition: all authenticated users/all users/accountant users - this is my GPO previously created
step 5 - view network rules - the following was already in place:
- name: local host access
- relation: route
- source networks: local host
- destn networks: all networks (& local host)
I've now added the following:
- name: vpn users
- relation: route
- source networks: vpn clients
- destn networks: internal
- rras rebuild server - this was used when adding 'dhcp relay agent'
- netsh ras add registeredserver - successfully
Note: after any change I make I also do: gpupdate /force
Note: I have not added the firewall client software, as I've been informed I do not need it in this case.
- There are some issues in here that I'm not sure about, if I could ask someone?
My Windows 7 test laptop currently has its firewall switched off & is used to test the VPN (locally) by plugging a cable into my Netgear router box, which allocates an address via the built-in DHCP feature that also allocates the ISA2006 external NIC: 192.168.0.3. So this is the address I use to point in that direction to log on to my network, as a way to confirm my remote VPN configurations are correct on the local side before I go to a friend's house and test there, but this time using my ISP default gateway specific to me. Assuming that's correct, I think!
- type of VPN: I've selected 'auto' as both PPTP & L2TP are in the list
- same shared secret key successfully added
- opened up a browser and checked 'VPN added' successfully
- selected 'Tools, Internet Options', Connections tab & selected VPN settings to confirm the details I had previously added - successfully:
- ticked box for auto detect settings - successfully
- use auto configuration script: added: http://isa2006-serv.cogs.local:8080
- ticked box for 'proxy server': isa2006-serv.cogs.local, port 80 added, not 8080 this time
- ticked box for 'bypass proxy server for local addresses'
The issue I still have:
I keep receiving an error, so I have been looking at the following URL but can't seem to get this right: