troubleshooting Question

vpn query

Avatar of mikey250
mikey250 asked on
Windows Server 2003Microsoft Server OSMicrosoft Forefront ISA Server
13 Comments6 Solutions490 ViewsLast Modified:
hi ive configured my win 2003 platform on separate servers as shown step by step below and hope someone could spend a little time confirming my steps are (good) as im aware now this 'vpn lark' can be time consuming and was hoping someone could see where i am going wrong as ive created a vpn via my windows 7 laptop with currently (firewall turned off) & cannot ping my isa2006/external nic & not sure where on my netgear router vmdg280 to allow icmp) although added: dns/http anyway either way i still cannot logon as a vpn client..!!!?

its took me around 2 weeks to get to this stage!!!!!!!!!!!!!

- master dc/dns/dhcp - static address: 10.0.0.x/24

- host xp pc static address: 10.0.0.x/24

- isa2006/internal nic1 member server: static address: 192.168.100.2/24 - static route added to point to my int fa0/0 3600 router (no other configurations on this router)!!

- int fa0/1 3600 - static route added pointing back to isa2006 internal nic1

- isa2006/external nic2: dynamic 192.168.0.3/24 via my netgear router box connected via coaxial cable to internet (my netgear box allows everything as only default settings set at this time)..!!

note: my isa2006 windows 2003 platform is configured for: ias/radius using 'shared secred key'...!! & vpn client & remote access policy is already in place!!!

note: all servers/host pc are logged onto domain successfully and receive internet access via isa2006 as per added 'firewall policies' ive added : dns/http/https/dhcp request/reply..!

- created an 'ou'
- created & linked a gpo successfully
- created user account & tested logon to domain successfully
- accessed same user account & select properties for: 'store password using reversible encryption'
- selected user account & also ticked 'control access through remote access policy' (ias/radius deals with this & (nps is part of win 2008 not win 2003.

isa2006 'configure vpn client access' ive followed each step below:

step 1 - selected dhcp & enabled vpn client access
step 2 - specify windows users - successfully added 'domain users' in group
step 2 - radius server - i did not select this as ive already installed and configured - ias/radius
step 3 - ive selected 'verify vpn properties' & selected both: pptp & l2tp for now..!!
step 3 - ive also selected remote access server & ticked boxes:
- external
- internal
- all networks (& local host)
- all protected networks - i did not tick this box..!!!!!!!!!!
step 4 - ive selected view firewall policy for the vpn clients network as ive already added the below & was prompted to install the 'dhcp relay agent'which i have added via 'rras'

- name: vpn remote users
- action: allow
- protocols: all outbound traffic
- from/listener: vpn clients
- to: internal/local hosts
- condition: all authenticated users/all users/accountant users - this is my gpo previously created

step 5 - view network rules - the following was already in place:

- name: local host access
- relation: route
- source networks: local host
- destn networks: all networks (& local host)

ive now added the following:

- name: vpn users
- relation: route
- source networks: vpn clients
- destn networks: internal

- rras rebuild server - this was used when adding 'dhcp relay agent'
- netsh ras add registeredserver - successfully

note: after any change i make i also do: gpupdate /force
note: i have not added firewall client software as been informed i do not need it in this case...!!

question 1.
- http://technet.microsoft.com/en-us/library/cc302534.aspx - there are some issues in here than im not sure about if i could ask someone ??

windows 7 test laptop currently has 'firewall' switched off & used to test vpn (locally) by plugging cable into my netgear router box which allocates an address via the built-in dhcp feature allocating the isa2006/external nic: 192.168.0.3 so this is the address i use to point in that direction to logon into my network as a way to confirm my remote vpn configurations are correct on the local side, before i go to a friends house and test there, but this time using my isp default gateway specific for me.  assuming thats correct i think!!

- type of vpn: ive selected 'auto' as both pptp & l2tp are in list
- same shared secret key successfully added
- opened up a browser and check 'vpn added' successfully
- selected 'tools, internet options/connections tab & selected: vpn settings to confirm details i had previously added successfully:

- ticked box for auto detect settings - successfully
use auto configuration script: added : http://isa2006-serv.cogs.local:8080

- ticked box for 'proxy server: isa2006-serv.cogs.local port 80 added not: 8080 this time
- ticked box for 'bypass proxy server for local addresses

the issue i have still:

i keep receiving error so i have been looking in the following 'url' but cant seem to get this right:
http://www.howtonetworking.com/vpnissues/error930.htm
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 6 Answers and 13 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 6 Answers and 13 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros