crazijoe

OK,
Trying to implement a new ISA server for VPN. Want to have roaming clients access our network. We presently are using SonicWall for VPN but our boss wants to replace it with an ISA server.

I have a ISA server in the perimiter. 2 NICs, one on the external with a static public IP and one on the internal domain. The server is a member of the domain and has a static IP. I configured VPN client access and Firewall policy for the VPN. We have a DHCP server on the domain on one of the DCs.

At a client machine, outside our domain in the cloud, it hits the ISA server, goes to Verifying username and password then times out with a 721 error "The remote computer did not respond." Been working on this on and off for about a week and it is killing me.
Help!!!!


Ok, new update. I can now connect to the domain but I cannot access any shares. I can ping the servers and machines on the domain.

Here is the configuartion,

PPP adapter RBC-USA:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.20.185
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . : 10.0.20.185
DNS Servers . . . . . . . . . . . : 10.0.20.11
10.0.20.12

My question would be does the subnet mask look right?

whardman

Doesn't look right to me either but it is. I tested it on mine and get the same result. Do you have rules to allow vpn traffic to access the internal network, especially RPC?

BTW, what did you do to fix the 721 error?

crazijoe

Rules are set to allow VPN traffic.

It was a credentials issue. I tried to connect inputting domain credentrials on a machine that was not joined to the domain. It must not of been putting the right username/password/domain info in.
I joined the computer to the domain and connected using the Windows login credentials and got me right in.
Something still doesn't seem right. I'm going to try it on another Laptop.

95five-0

When I switched from a sonic wall to ISA I had a simalar issue. I was able to ping some servers but not other and it was completely random. What it turn out to be was a DNS issue. On the client machine try going to the properties on the VPN connection and click on the Networking tab, then click on TCP/IP and click properties. Then click on advanced and uncheck Use default gateway on remote network.

crazijoe

I went ahead and unchecked the Use default gateway on remote network box but still no luck. It does seem to be a DNS issue because I can ping the IP of the computers on the domain but I cannot ping the computer names.
When I run the IPCONFIG it shows the right IP addresses of the DNS servers on our domain.

whardman

Try checking the server logs and see if there are any denied connections. The quickest way would be to open it in excel then you can sort the entries and pick out the denied connections.

crazijoe

Got it to work.
Simple first time installer correcting. I was picking protocols in the firewall rules. When I changed it to all outbound traffic it worked.
It seems to me the wording is a little backwards. When I think all outbound traffic, I think of internal network going out, not VPN coming in.

ultrasong

Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)

Have any idea for this ? Thank you !

ecrocombe

Make sure you are not VPNing into a quarantine environment. and instead of asigning static ip's use your DHCP to do that and tell ISA to relay DHCP to dial-in clients