RE: ISA VPN Stops working
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 28 Feb 2003 14:04:56 -0600
Hi Glenn,
You'll need to tell the demand dial interface to redial, just in case it
isn't already configured that way.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Glenn Maks [mailto:gmaks@xxxxxxxxx]
Sent: Friday, February 28, 2003 7:18 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA VPN Stops working
http://www.ISAserver.org
Good Morning Thomas, The RRAS on both ends established a
connection, I was able to ping nodes that live on the defined address
space on both ends, I walked away for a while to another service call,
when I returned and attempted to ping the same nodes on both ends, it
failed. I then looked at the RRAS and in the definition it stated that
the tunnel was disconnected, I used the manual connect option and still
the tunnel refused to reestablish connection. I know the CERT server can
go any where, but is a CERT server necessary to build a tunnel? and how
do I make my tunnels always available? They will need to have a constant
active connection.
Thank you
Glenn
-----Original Message-----
From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, February 27, 2003 8:30 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA VPN Stops working
http://www.ISAserver.org
Hi Glenn,
When you say it stopped working, do you mean that you're
able to connect, but the tunnel dies, or that you're not even able to
connect?
How many addresses do you have bound to the external
interface? Which of these are you using as the tunnel endpoint?
Each machine needs a certificate that the other trusts,
but a cert server certainly doesn't need to be installed on either
machine, or even on the network.
Make sure that fragment filtering is disabled.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Glenn Maks [mailto:gmaks@xxxxxxxxx]
Sent: Thursday, February 27, 2003 4:13 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA VPN Stops working
http://www.ISAserver.org
In the process of evaluating ISA as a firewall I
noticed that my L2TP tunnel that was working between the two test
servers suddenly stopped working, I am beginning to think that a
certificate server is required to maintain this tunnel. I did however
make one modification in RRAS, I set the connection state to persistent
on both ends. Could anyone tell me if a Cert server is absolutely
necessary
for tunnels to work when created between two or
more ISA servers.
Thank you
Glenn
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site:
http://www.msexchange.org/
Windows Security Resource Site:
http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this
ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site:
http://www.msexchange.org/
Windows Security Resource Site:
http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: gmaks@xxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts: