Article ID: 313433 - Last Review: October 29, 2007 - Revision: 2.2

VPN Dial-up Connections Are Not Filtered by ISA Server

View products that this article applies to.
This article was previously published under Q313433
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986  (http://support.microsoft.com/kb/256986/EN-US/ ) Description of the Microsoft Windows Registry
Expand all | Collapse all

SYMPTOMS

A virtual private network (VPN) dial-up connection from Internet Security and Acceleration (ISA) Server to a remote network is not filtered. This behavior is by design because ISA Server assumes that dial-up VPN connections from ISA Server are always on a trusted network. However, this is not always the case because some public Internet service providers (ISPs) use a VPN connection. This essentially leaves the internal clients open to the Internet because no filtering is being performed on the ISA Server connection.
Back to the top

RESOLUTION

This problem was corrected in Internet Security and Acceleration Server Service Pack 1.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
313139  (http://support.microsoft.com/kb/313139/EN-US/ ) How to Obtain the Latest Internet Security and Acceleration Server 2000 Service Pack
Back to the top

MORE INFORMATION

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

With ISA Server Service Pack 1 (SP1), packet filtering is applied to dial-up VPN connections. Demand-dial VPN interfaces in Routing and Remote Access remain unfiltered. To disable packet filtering on a dial-up VPN connection with SP1, make the following registry changes:
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\FPC

Data type: DWORD
Value name: NoPfOnVpnDialUps
Data value:
1 = No packet filtering on the connection
0 = Packet filtering on the connection (this is the default with SP1)
Back to the top
APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2000 Standard Edition
Back to the top
Keywords: 
kbproductlink kbenv kbprb KB313433
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations