Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

VPN Dial-up Connections Are Not Filtered by ISA Server


View products that this article applies to.

This article was previously published under Q313433
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 (http://support.microsoft.com/kb/256986/EN-US/ ) Description of the Microsoft Windows Registry

↑ Back to the top


Symptoms

A virtual private network (VPN) dial-up connection from Internet Security and Acceleration (ISA) Server to a remote network is not filtered. This behavior is by design because ISA Server assumes that dial-up VPN connections from ISA Server are always on a trusted network. However, this is not always the case because some public Internet service providers (ISPs) use a VPN connection. This essentially leaves the internal clients open to the Internet because no filtering is being performed on the ISA Server connection.

↑ Back to the top


Resolution

This problem was corrected in Internet Security and Acceleration Server Service Pack 1.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
313139� How to Obtain the Latest Internet Security and Acceleration Server 2000 Service Pack

↑ Back to the top


More information

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

With ISA Server Service Pack 1 (SP1), packet filtering is applied to dial-up VPN connections. Demand-dial VPN interfaces in Routing and Remote Access remain unfiltered. To disable packet filtering on a dial-up VPN connection with SP1, make the following registry changes:
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\FPC

Data type: DWORD
Value name: NoPfOnVpnDialUps
Data value:
1 = No packet filtering on the connection
0 = Packet filtering on the connection (this is the default with SP1)

↑ Back to the top


Keywords: KB313433, kbprb, kbenv, kbproductlink

↑ Back to the top

Article Info
Article ID : 313433
Revision : 4
Created on : 10/29/2007
Published on : 10/29/2007
Exists online : False
Views : 338