RE: ISA VPN Stops working
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sun, 2 Mar 2003 20:04:51 -0600
Hi Glenn,
Keep in mind that ISA Server doesn't have anything to do with the VPN
features -- the VPN is all RRAS. All my sites have nice and stable VPN
gateways, so its just a configuration issue, that's all.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Glenn Maks [mailto:gmaks@xxxxxxxxx]
Sent: Friday, February 28, 2003 3:11 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA VPN Stops working
http://www.ISAserver.org
Tom, you make mention of the Demand Redial feature, What I need
is a constant 24x7 connection, I have worked with VPN tunnels before
with other 3rd party applications and I guess this is a case of learning
how Microsoft designed the RRAS and VPN, but the
VPN tunnels I have created are permanent until torn down, they
are not wake on demand type tunnels and if the PPTP and L2TP tunnels
that rely on Microsoft RRAS work that way I guess I will have to
reconsider using ISA as a corporate Firewall. Any other ideas Tom?
-----Original Message-----
From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Friday, February 28, 2003 3:05 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA VPN Stops working
http://www.ISAserver.org
Hi Glenn,
You'll need to tell the demand dial interface to redial,
just in case it isn't already configured that way.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Glenn Maks [mailto:gmaks@xxxxxxxxx]
Sent: Friday, February 28, 2003 7:18 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA VPN Stops working
http://www.ISAserver.org
Good Morning Thomas, The RRAS on both ends
established a connection, I was able to ping nodes that live on the
defined address space on both ends, I walked away for a while to another
service call, when I returned and attempted to ping the same nodes on
both ends, it failed. I then looked at the RRAS and in the definition it
stated that the tunnel was disconnected, I used the manual connect
option and still the tunnel refused to reestablish connection. I know
the CERT server can go any where, but is a CERT server necessary to
build a tunnel? and how do I make my tunnels always available? They will
need to have a constant active connection.
Thank you
Glenn
-----Original Message-----
From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, February 27, 2003 8:30
PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA VPN Stops
working
http://www.ISAserver.org
Hi Glenn,
When you say it stopped working, do you
mean that you're able to connect, but the tunnel dies, or that you're
not even able to connect?
How many addresses do you have bound to
the external interface? Which of these are you using as the tunnel
endpoint?
Each machine needs a certificate that
the other trusts, but a cert server certainly doesn't need to be
installed on either machine, or even on the network.
Make sure that fragment filtering is
disabled.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond:
http://tinyurl.com/1jq1
Configuring ISA Server:
http://tinyurl.com/1llp
-----Original Message-----
From: Glenn Maks
[mailto:gmaks@xxxxxxxxx]
Sent: Thursday, February 27, 2003 4:13
PM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA VPN Stops working
http://www.ISAserver.org
In the process of evaluating ISA as a
firewall I noticed that my L2TP tunnel that was working between the two
test servers suddenly stopped working, I am beginning to think that a
certificate server is required to maintain this tunnel. I did however
make one modification in RRAS, I set the connection state to persistent
on both ends. Could anyone tell me if a Cert server is absolutely
necessary
for tunnels to work when created between
two or more ISA servers.
Thank you
Glenn
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site:
http://www.msexchange.org/
Windows Security Resource Site:
http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this
ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site:
http://www.msexchange.org/
Windows Security Resource Site:
http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this
ISAserver.org Discussion List as: gmaks@xxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site:
http://www.msexchange.org/
Windows Security Resource Site:
http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this
ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site:
http://www.msexchange.org/
Windows Security Resource Site:
http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: gmaks@xxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts: