Configuring Dial-up Connections and Dial-up Entries

Before you can configure ISA Server dial-up connections, you have to create the necessary policy elements. ISA Server dial-up connections are typically configured when you want to access services that are not Web services, on clients that do not have the Firewall Client installed. These services are usually the Post Office Protocol (POP3) service or the Network News Transfer Protocols (NNTP).

When you create dial-up entries, you can apply connection rules and policies for these connections with ISA Server. A dial-up entry uses policy elements which can be used in routing rules to define dial-up access to the Internet. You can define how ISA Server accesses the Internet through dial-up connections. A dial-up routing rule is used to allow the dial-up entry to access the dial-up location.

While numerous dial-up entries can be created, one dial-up entry can be active in the array. This is the dial-up entry that will be used when ISA Server dials out to the Internet.

When you configure dial-up entries in ISA Server, you can enable dial-on-demand for the following clients:configuring ISA server dial-up connections

  • Web Proxy clients

  • Firewall clients.

A dial-up entry contains the information listed here:

  • Name of the dial-up connection configured for the remote access server on each member server in the array.

  • User name and password information for the user that has permissions to connect to the Internet through the dial-up connection.

There are a number of important factors to consider on creating dial-up entries:

  • You have to configure a network dial-up connection on each server in the array before you configure the dial-up entry.

  • When you create a dial-up entry, that dial-up entry becomes the active dial-up entry for the array.

  • When you define an active dial-up entry, all other dial-up connections are disconnected that ISA Server used to utilize.

  • One dial-up entry can be active in an the array

  • The active dial-up entry cannot be deleted.

  • The active dial-up entry will be used for routing rules and will be used for firewall chaining.

How to create a network dial-up connection

  1. Open Control Panel.

  2. Double-click Phone and Modem Options.

  3. If necessary, configure the modem.

  4. Click the Dialing Rules tab.

  5. Click New.

  6. Provide a name for the location.

  7. Set the area code for the location.

  8. Specify any dialing rules.

  9. Click OK.

How to create a dial-up entry

  1. Open the ISA Management console.

  2. Navigate to the Policy Elements node.

  3. Expand the Policy Elements node.

  4. Right-click Dial-up Entries and then select New Dial-Up Entry from the shortcut menu.

  5. The New Dial-Up Entry dialog box opens.

  6. In the Name box, enter a name for the new dial-up entry.

  7. In the Description box, provide a description for the dial-up entry.

  8. In the Use The Following Network Dial-Up Connection box, enter the name of the network dial-up connection that you created.

  9. Click Set Account.

  10. The Set Account dialog box opens.

  11. In the User box, enter the name of the user account provided by the ISP.

  12. In the Password box and Confirm Password box, enter and verify the password of the user, and then click OK.

  13. Click OK in the New Dial-Up Entry dialog box.

How to set a dial-up entry as the active dial-up entry

  1. Open the ISA Management console.

  2. Click the View menu and select Advanced.

  3. Expand the Policy Elements node.

  4. Select the Dial-up Entries folder.

  5. The details pane shows all existing dial-up entries.

  6. Select the Dial-up entry that you want as the active dial-up entry, and then select Set As Active Entry from the shortcut menu.

How to configure a dial-up routing rule

  1. Open the ISA Management console.

  2. Navigate to the Network Configuration node, and then select the Routing folder.

  3. Right-click the Routing folder and select New Rule from the shortcut menu.

  4. The New Routing Rule Wizard launches.

  5. Provide a name for the new rule and click Next.

  6. Select Destinations on the following page, and then click Next.

  7. On the Request Action page, select the Retrieve Them Directly from the Specified Destination option.

  8. Enable the Use a Dial-Up Entry checkbox. Click Next.

  9. On the Cache Retrieval Configuration page, you have to define how this routing rule searches for and retrieves objects from the cache. Click Next.

  10. On the Cache Content Configuration page, specify whether objects should be stored in the cache. Click Next.

  11. Click Finish.

  12. Double-click the routing rule in the details pane of the ISA Management console to access its properties.

  13. The Routing Rule Properties dialog box opens.

  14. Click the Action tab.

  15. Enable the Use Dial-Up Entry for Primary Route checkbox.

  16. Click OK.

How to enable dialing for the ISA Firewall service

  1. Open the ISA Management console.

  2. Navigate to the Network Configuration node.

  3. Right-click the Network Configuration node and then select Properties from the shortcut menu.

  4. The Network Configuration Properties dialog box opens.

  5. Click the Firewall Chaining tab.

  6. Select the Use Primary Connection option.

  7. Select the Use Dial-up Entry checkbox.

  8. Click OK.

How to enable automatic dial-out for routing

  1. Open the ISA Management console.

  2. Navigate to the Routing node.

  3. Right-click the routing rule that you want to configure and then select Properties from the shortcut menu.

  4. The Routing Rule Properties dialog box opens.

  5. Click the Action tab.

  6. Select the Retrieve Them Directly From The Specified Destination option.

  7. Select the Use Dial-Up Entry For Primary Route checkbox.

  8. Click OK.

How to restart the ISA Firewall service

  1. Open the ISA Management console.

  2. Expand the Monitoring node.

  3. Select the Services node.

  4. Right-click the Firewall service and select Stop.

  5. Right-click the Firewall service once more and then select Start.

Managing ISA Server Dial-up Connections

You can configure the following settings to manage your dial-up connections:

  • You can limit the time that a user can dial-out to the Internet. This is done by creating a schedule that defines when a user is allowed or disallowed to dial-out to the Internet. After the schedule is defined, you have to create a site and content rule that contains your schedule.

  • To control active caching, select the Less Frequently option on the Active Caching tab of the Cache Configuration properties.

  • To control unnecessary Internet dial-ups, you can record the internal servers in Local Domain Table to control Internet based DNS lookups.

When ISA Server dials-out to the Internet, the connection is terminated when either of the following events occurs:

  • The existing active dial-up entry is changed to use another network dial-up connection.

  • A different dial-up entry is activated.

  • The dial-up entry for firewall chaining is not enabled.

  • The Firewall service has stopped.

  • The primary route is active again. This for cases where the dial-up connection is defined as a backup route.

Troubleshooting ISA Server Dial-up Connections

A few issue typically encountered with ISA Server dial-up connections, together with recommendations for solving the issues are discussed in this section of the Article.

  • When a Dial-on-Demand Failure event is logged in the event log, it basically means that the connection could not be created. This could possible be due to the line being busy, or because there was no answer. Determine whether any of these issues is the reason for the failure. If not, check for any other issues and sort them out.

  • When the Upstream Chaining Credentials event is logged in the event log, you have provided incorrect credentials. Check whether you have entered the valid user provided by the ISP and entered a valid password.

  • When the Invalid Dial-On-Demand Credentials event is logged in the event log, it means that the username and password provided of the user is not valid. Check whether you have entered the valid user provided by the ISP and entered a valid password.

  • If you receive the 14066 error, it means that the dial-up entry configuration information cannot be read. Check the configuration of the dial-up entry.

  • If you receive the 14067 error, it means that the rasapi32.dll failed to load. This is usually due to a system configuration setting that is incorrect.

  • If you receive the 14136 error, it means the ISA Server dial-out connection has failed. Try manually dialing the number.

  • When only manual dial-out works, and not ISA Server dial-out, check the configuration of the ISA Server dial-up entry and change any incorrect settings. Verify that ISA Server has permission to use the dial-up connection.

  • If you receive the 14142 error, it means that dialing out to the Internet has failed. Check your authentication settings and the phone book entry.

  • When the ISA server dials out to the Internet when no users have requested connections to the Internet, then active caching is enabled. Remember that with active caching, ISA Server updates the content in the cache at regular intervals. If you do not want this to occur, then you have to disable active caching.

  • When a dial-up connection is dropped, you can automatically re-establish the connection by restarting ISA Server services.

  • When your dial-up server hangs even when no dialing out is taking place:

    • Set the ISA Server to use the internal DNS servers.

    • Define the DNS server as an ISA Server client.

    • Set the DNS server to forward requests that cannot be resolved to an external DNS server.