OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
j.mickerts_at_gmx.net
Date: Wed Sep 18 2002 - 14:52:55 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Hi John,

    your error was probably caused because you did not forward the GRE packets
    (IP protocol 47) to the PPTP Server, you just forwarded port 1723/tcp.
    Maybe Fabian is having the same problem.

    Kind regards,

    Jens Mickerts

    John the Kiwi <johnjohnthekiwi.com>
    18.09.2002 07:40

    To
    focus-mssecurityfocus.com
    cc

    Subject
    RE: Authentication problems using VPN on MS ISA

    Hi Fabian

    Check your routers. I had a similar problem and after a lot of
    frustration and no answeers in the MS knowledge base we realised that
    the router we were using didn't correctly support VPN connections.

    Port 1723 was correctly forwarded but the server would only begin to
    authenticate and then the connection would time out.

    We tested this by successfully connecting via VPN from the local subnet
    of the server, but I assume that would be one of the first tests you
    did?

    Also, I hate to be too anal but have you triple checked your ISA
    settings? The ISA help system is very helpful for confirming your
    settings. If you don't have many rules set up it would also be a simple
    task to uninstall ISA and try the VPN connection then before
    reinstalling it.

    That's what I'd do anyway.

    Cheers
    John the Kiwi
    www.johnthekiwi.com

    On Tue, 2002-09-17 at 13:57, Jim Harrison (SPG) wrote:
    > Are you trying to VPN *_to_* or *_through_* the ISA server?
    > In other words, is the RRAS server *_on_* or *_behind_* ISA?
    >
    > ISA can't pass IPSec or PPTP traffic, but it does support locally-based
    > Win2K RRAS VPN.
    > Can ISA validate the credentials to either a domain or RADIUS service?
    >
    > Jim
    >
    > -----Original Message-----
    > From: Fabian Aubrey [mailto:faubreygicnet.ca]
    > Sent: Wednesday, September 11, 2002 8:52 AM
    > To: focus-mssecurityfocus.com
    > Subject: Authentication problems using VPN on MS ISA
    >
    >
    > Authentication problems using VPN on MS ISA:
    >
    > We are having difficulty establishing a VPN connection thru MS ISA. We
    > receive error 691 (authentication) from the server at each connection
    > attempt. The login we are using is correct however, something seems to
    > be happening at the ISA level that rejects that login. All parameters
    > have been verified as per Microsoft Q docs but to no avail. Can anyone
    > shed any light as to what ISA might be doing to the VPN connection as it
    > seems that we are contacting the server but just sending garbage as
    > auth.
    >
    >
    > Thank You
    > Fabian