Date: Wed Sep 18 2002 - 14:52:55 CDT
Your error was probably caused because you did not forward the GRE packets
(IP protocol 47) to the PPTP Server, you just forwarded port 1723/tcp.
Maybe Fabian is having the same problem.
John the Kiwi <johnjohnthekiwi.com>
RE: Authentication problems using VPN on MS ISA
Check your routers. I had a similar problem and after a lot of
frustration and no answers in the MS knowledge base we realised that
the router we were using didn't correctly support VPN connections.
Port 1723 was correctly forwarded but the server would only begin to
authenticate and then the connection would time out.
We tested this by successfully connecting via VPN from the local subnet
of the server, but I assume that would be one of the first tests you
Also, I hate to be too anal but have you triple checked your ISA
settings? The ISA help system is very helpful for confirming your
settings. If you don't have many rules set up it would also be a simple
task to uninstall ISA and try the VPN connection then before
That's what I'd do anyway.
John the Kiwi
On Tue, 2002-09-17 at 13:57, Jim Harrison (SPG) wrote:
> Are you trying to VPN *_to_* or *_through_* the ISA server?
> In other words, is the RRAS server *_on_* or *_behind_* ISA?
> ISA can't pass IPSec or PPTP traffic, but it does support locally-based
> Win2K RRAS VPN.
> Can ISA validate the credentials to either a domain or RADIUS service?
> -----Original Message-----
> From: Fabian Aubrey [mailto:faubreygicnet.ca]
> Sent: Wednesday, September 11, 2002 8:52 AM
> To: focus-mssecurityfocus.com
> Subject: Authentication problems using VPN on MS ISA
> Authentication problems using VPN on MS ISA:
> We are having difficulty establishing a VPN connection thru MS ISA. We
> receive error 691 (authentication) from the server at each connection
> attempt. The login we are using is correct however, something seems to
> be happening at the ISA level that rejects that login. All parameters
> have been verified as per Microsoft Q docs but to no avail. Can anyone
> shed any light as to what ISA might be doing to the VPN connection as it
> seems that we are contacting the server but just sending garbage as
> Thank You
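
The diagnosis in the first reply (TCP port 1723 forwarded, GRE not) can be confirmed from a packet capture taken at the PPTP server. The Python below is an added example, not part of the thread: it classifies raw IPv4 packets and flags peers that show the control channel but no GRE. The function names and the sample packets (documentation addresses) are constructed for illustration.

```python
import struct
from collections import defaultdict

PPTP_PORT, TCP, GRE, PPTP_GRE_TYPE = 1723, 6, 47, 0x880B  # 0x880B: PPTP GRE type

def ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet for the constructed sample (checksum left at 0)."""
    s, d = (bytes(map(int, x.split("."))) for x in (src, dst))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, s, d) + payload

def classify(pkt):
    """Return (peer pair, 'control' | 'gre' | None) for one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None, None
    body = pkt[(pkt[0] & 0x0F) * 4:]
    pair = frozenset((pkt[12:16], pkt[16:20]))
    if len(body) < 4:
        return pair, None
    a, b = struct.unpack("!HH", body[:4])
    if pkt[9] == TCP and PPTP_PORT in (a, b):      # a, b = source, destination port
        return pair, "control"
    if pkt[9] == GRE and (a & 0x7) == 1 and b == PPTP_GRE_TYPE:  # a = flags/version
        return pair, "gre"
    return pair, None

def diagnose(packets):
    """Map each peer pair to a verdict on whether the GRE data path is present."""
    seen = defaultdict(set)
    for pkt in packets:
        pair, kind = classify(pkt)
        if kind:
            seen[pair].add(kind)
    verdicts = {}
    for pair, kinds in seen.items():
        name = " <-> ".join(sorted(".".join(map(str, ip)) for ip in pair))
        if kinds == {"control", "gre"}:
            verdicts[name] = "ok: TCP/1723 and GRE both seen"
        elif kinds == {"control"}:
            verdicts[name] = "suspect: TCP/1723 seen, no GRE (IP protocol 47)"
        else:
            verdicts[name] = "odd: GRE seen without a TCP/1723 control channel"
    return verdicts

# Constructed sample: one client whose GRE arrives, one whose GRE is dropped on the way.
SYN = struct.pack("!HHIIBBHHH", 40000, PPTP_PORT, 0, 0, 0x50, 0x02, 8192, 0, 0)
DATA = struct.pack("!HHHHI", 0x3001, PPTP_GRE_TYPE, 0, 1, 0)
SAMPLE = [ipv4(TCP, "198.51.100.7", "203.0.113.10", SYN),
          ipv4(GRE, "198.51.100.7", "203.0.113.10", DATA),
          ipv4(TCP, "192.0.2.5", "203.0.113.10", SYN)]
```

A "suspect" verdict on a capture that spans a full connection attempt matches the symptom described in the thread: the server begins to authenticate and the connection then times out.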