Microsoft KB Archive/313433

= VPN Dial-up Connections Are Not Filtered by ISA Server =

Article ID: 313433

Article Last Modified on 10/29/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2000 Standard Edition

-



This article was previously published under Q313433



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
A virtual private network (VPN) dial-up connection from Internet Security and Acceleration (ISA) Server to a remote network is not filtered. This behavior is by design because ISA Server assumes that dial-up VPN connections from ISA Server are always on a trusted network. However, this is not always the case because some public Internet service providers (ISPs) use a VPN connection. This essentially leaves the internal clients open to the Internet because no filtering is being performed on the ISA Server connection.



RESOLUTION
This problem was corrected in Internet Security and Acceleration Server Service Pack 1.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

313139 How to Obtain the Latest Internet Security and Acceleration Server 2000 Service Pack



MORE INFORMATION
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

With ISA Server Service Pack 1 (SP1), packet filtering is applied to dial-up VPN connections. Demand-dial VPN interfaces in Routing and Remote Access remain unfiltered. To disable packet filtering on a dial-up VPN connection with SP1, make the following registry changes:

Key:

Data type:

Value name:

Data value:

= No packet filtering on the connection

= Packet filtering on the connection (this is the default with SP1)

Keywords: kbproductlink kbenv kbprb KB313433

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.