RE: ISA to ISA VPN

  • From: "Miguel Angel Perez" <mperez@xxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 28 Aug 2002 19:16:42 +0200

Hi Shawn,

I think it is a little bit large, but I will try to explain the issue.


There are important components to defining these ISA-to-ISA links.  Only one of 
the VPN peers initiates the VPN connection.  The remote VPN peer simply 
recognizes the connection, and initiates the appropriate initialization of the 
local interface when the peer supplies a username that matches the name of the 
local interface.

One ISA must be chosen as the ACTIVE VPN. The other ISA must be considered as 
the PASSIVE VPN. This simply indicates which VPN initiates the VPN connection.  
The demand-dial configuration for this would be as follows:

ACTIVE VPN:

        Router Name:  MAD_to_PT
        Remote IP Address: 193.127.20.115
        Dial-Out Credentials (Username): MAD_to_PT
        Dial-Out Credentials (Password): <anything - preferably complex>
        Dial-Out Credentials (Domain): MADRIDVPN
        Dial-In Credentials: <blank!>

During the creation of the interface, Windows 2000 will prompt for dial-in 
credentials.  Since this interface is the active dialer, these credentials are 
not needed.  Instead, dial-out credentials should be specified.  Once this 
interface is configured, select the properties of the interface.  Change the 
type of interface to persistent, and set the redial attempts to 10000.

PASSIVE VPN:

        Router Name:  MAD_to_PT
        Remote IP Address: <blank!>
        Dial-In Credentials (Username): MAD_to_PT
        Dial-Out Credentials (Domain): <blank!>



When you create this passive interface, dial-in credentials must be 
established.  This may be performed by selecting the "add account so remote ISA 
can dial in" option during configuration. After the interface is configured, 
select the properties of the interface and change to demand-dial, and set the 
disconnection time to never.

When the ACTIVE VPN is initialized, a connection to the remote VPN is 
established.  Upon connection, the dial-out credentials are presented to the 
remote machine.  Upon receiving the credentials, the PASSIVE VPN recognizes 
that the name of the local RRAS interface matches the username of the 
credentials. Thus, it immediately associates the VPN interface to the 
connection - and routes packets appropriately.


I hope it will help you.

Cheers.


-----Original Message-----
From: Shawn Anderson [mailto:sanderson@xxxxxxxxxxxxxxxxx]
Sent: Wednesday, 28 August 2002 16:48
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA to ISA VPN




I am trying to connect two offices together via an ISA to ISA connection with 
VPN.  The connection is set as persistent, however the connection seems to drop 
every 4 hours or so.

The VPN status on both machines states that they are connected, however nothing 
goes from one site to the other.

Anyone seen this?
 
