Small Business Server Support Forum    
Subject: ISA 2004 + RV042 + VPN = No client connection
Kevin Woolley
United States
Member since
4/7/2007

Platinum Membership
Posts: 15

10/10/2007 05:13 AM  
We have been fighting this for a while now. It started with a Netgear router on both ends with a tunnel between them and remote users initiating a client-based VPN to connect to the SBS 2003 R2 Premium box. It was a very unreliable connection method and proved unsatisfactory for our customer. We are now using RV042s at another location to connect remote clients into a standalone ISA server without issue. However, we cannot make the same type of connection work with the SBS. I have even gone so far as to screen capture every ISA config setting and copy it on the SBS box with no luck. Here is our current state of affairs:

I have created the VPN on the RV042 and on the SBS with success. This was done by specifying the IP addresses on both ends (SBS external 44.44.22.22, SBS internal 192.168.1.10, RV042 external 66.66.15.15, and RV042 internal 192.168.7.1). It connects and I can see the connection on both ends with no problem. Great, you say, but here is the catch: I can use the diagnostic utility on the RV042 to ping both the external and the internal IP of the SBS with no problem. When I try the same ping from a workstation connected directly to the RV042 the ping fails. Pinging from the SBS to either the external or the internal RV042 IP also fails. I have tried configuring the RV042 so that it uses subnets rather than specific IPs but it will not make the VPN connection configured like this. I have ensured that the SBS is configured with the remote network as 192.168.7.0 through 192.168.7.255. The VPN connects and works, even allowing a ping to reach the internal interface of the SBS, so it has to be configured correctly (but what do I know, I can't make it work right???).

Can someone PLEASE help explain why I can ping from the router but not from the client??? I really need this to work so that I can join the remote workstation to the domain. I would like to include a drawing I threw together in Visio and saved as a .jpg (89 KB), but this forum app won't allow it. If you want to see it let me know and I will forward it to you. I have the nagging feeling that I am missing a global setting on the SBS, but I don't know what it is.

Kevin
Henri Fournier
Canada
Member since
4/19/2006

Registered Users
Posts: 34

11/04/2007 12:01 AM  
If you search here for RV042, you'll find a couple of old threads about it.
 
I followed this article and got it to work:
 
I added the router's external IP to the outgoing ISA Rule along with the remote subnet, and added the SBS external IP to the incoming ISA Rule along with the internal subnet.
 
I set the router's DNS servers to:
  1. SBS IP
  2. First DNS Server of ISP
There are still a couple of issues though.
  • I can't ping remote machines from the server. I have to log in to an internal client workstation to ping or RDP a remote client
  • I have one workstation at each of two remote sites that generates dozens of TCP connections (use TCPView from SysInternals)
  • Connections drop occasionally and I haven't figured out why yet
Here's the error message I get in Monitoring:
 
Source      Event ID   Last Occurrence         Total Occurrences
Security     547         04/11/2007 5:43 AM   1,436 *
IKE security association negotiation failed. Mode: Data Protection Mode (Quick Mode) Filter: Source IP Address  Source IP Address Mask 255.255.255.255 Destination IP Address 10.1.0.0 Destination IP Address Mask 255.255.255.0 Protocol 0 Source Port 0 Destination Port 0 IKE Local Addr IKE Peer Addr  IKE Source Port 500 IKE Destination Port 500 Peer Private Addr Peer Identity: Preshared key ID. Peer IP Address: Failure Point: Me Failure Reason: IKE SA deleted by peer before establishment completed Extra Status: Processed third (ID) payload Initiator(Internal). Delta Time 8 0x0 0x0

--
Henri Fournier
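
Added example, not part of the original post: the Event 547 description quoted above arrives as one run-together line, so this Python sketch splits it back into labelled fields (leaving the blank address fields blank) and extracts the IKE phase and the Quick Mode filter's destination network for comparison with the tunnel definition on the other end. The function names `parse_event_547` and `triage` are hypothetical, and the label list is taken only from the event text in the post.

```python
import ipaddress
import re

# Field labels exactly as they appear in the Event 547 text quoted in the post.
LABELS = ["Mode:", "Filter:", "Source IP Address", "Source IP Address Mask",
          "Destination IP Address", "Destination IP Address Mask", "Protocol",
          "Source Port", "Destination Port", "IKE Local Addr", "IKE Peer Addr",
          "IKE Source Port", "IKE Destination Port", "Peer Private Addr",
          "Peer Identity:", "Peer IP Address:", "Failure Point:",
          "Failure Reason:", "Extra Status:"]
# Longest label first, so "Source IP Address Mask" wins over "Source IP Address".
LABEL_RE = re.compile(r"\b(?:" + "|".join(
    re.escape(l) for l in sorted(LABELS, key=len, reverse=True)) + r")(?=\s|$)")

# Event description copied from the post; its address fields are blank there.
SAMPLE = ("IKE security association negotiation failed. "
          "Mode: Data Protection Mode (Quick Mode) Filter: Source IP Address  "
          "Source IP Address Mask 255.255.255.255 Destination IP Address 10.1.0.0 "
          "Destination IP Address Mask 255.255.255.0 Protocol 0 Source Port 0 "
          "Destination Port 0 IKE Local Addr IKE Peer Addr  IKE Source Port 500 "
          "IKE Destination Port 500 Peer Private Addr Peer Identity: Preshared "
          "key ID. Peer IP Address: Failure Point: Me Failure Reason: IKE SA "
          "deleted by peer before establishment completed Extra Status: Processed "
          "third (ID) payload Initiator(Internal). Delta Time 8 0x0 0x0")

def parse_event_547(text):
    """Split the run-together description into {label: value}; blanks stay ''."""
    hits = list(LABEL_RE.finditer(text))
    fields = {}
    for cur, nxt in zip(hits, hits[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        fields[cur.group().rstrip(":")] = text[cur.end():end].strip()
    return fields

def triage(fields):
    """Reduce the parsed fields to what matters when comparing tunnel ends."""
    mode = fields.get("Mode", "")
    phase = 2 if "Quick Mode" in mode else 1 if "Main Mode" in mode else None
    addr = fields.get("Destination IP Address")
    mask = fields.get("Destination IP Address Mask")
    dst = ipaddress.ip_network(f"{addr}/{mask}") if addr and mask else None
    blank = sorted(k for k, v in fields.items() if not v and k != "Filter")
    return {"ike_phase": phase, "filter_dst": dst, "blank": blank,
            "failure_point": fields.get("Failure Point"),
            "failure_reason": fields.get("Failure Reason")}

if __name__ == "__main__":
    for key, value in triage(parse_event_547(SAMPLE)).items():
        print(f"{key}: {value}")
```

The `blank` list shows which fields carry no value in the quoted event, so a reader knows the peer and local addresses have to come from the original event record rather than from this copy.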