OK, So far, here is what I have learned... The problem exists between the VPN Dial-up entry and RRAS. If you stop the RRAS services, the 'flapping' of the VPN connection ceases. As a result of this, I am inclined to think that the nic card isnt to blame, and that it's a configuration issue. Or a bug. I wonder if there were any RRAS hotfixes applied to this system recently. I like the post below, and will take a look at these configuration options. I think its likely to be something similar to these fixes. It certainly appears to be a painful resolution from a configuration perspective. My other solution is to go with PPPoE, which is a viable alternative. Problem is the server failed to install RASPPPOE properly, and I have now got two problems to resolve! Thanks to all that posted. And just so you don't think im sponging, I read over 60 VPN related posts today from the members of this list. Seems VPN is quite a beast. Regards and thanks, Greg -----Original Message----- From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] Sent: Thursday, 12 June 2003 11:29 PM To: [ISAserver.org Discussion List] Subject: [isalist] RES: RE: ISA Server and Outbound VPN http://www.ISAserver.org Hey Tom, Remember that I had the same problem? -In RRAS, you have to set only one of the VPN interfaces as persistent, and other as demand-dial. -The VPN interface must have the same name that the user being used to connect to the remote server -In the static routes in RRAS, the option "use this route to initiate demand-dial connections" on the route that reaches the remote network can only be marked on the same side that has persistent connection marked. This took care of the problem here. Tiago de Aviz IT Consultant MCP-CNA-AIX-CCNA-CCDA -------------------------------- www.softsell.com.br tiago@xxxxxxxxxxxxxxx -------------------------------- -----Mensagem original----- De: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Enviada em: quinta-feira, 12 de junho de 2003 00:07 Para: [ISAserver.org Discussion List] Assunto: [isalist] RE: ISA Server and Outbound VPN http://www.ISAserver.org Hi Greg, Is the ISA firewall creating a VPN client connection to the ISP? Or are you just passing PPTP through the ISA firewall? Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Greg Wright [mailto:greg@xxxxxxxxxxxx] Sent: Wednesday, June 11, 2003 9:40 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Server and Outbound VPN http://www.ISAserver.org Hi Tom, Its my wireless network (well, I run the thing anyway) and I was at the site checking the radio quality. Sub 10ms pings for 25 minutes yesterday. The lower layers are fine. While the ping was running, the vpn connection was reconnecting constantly, which indicated to me that it was a VPN/ISA related problem. I also tested VPN connections from my laptop over the same connection with no issue. The VPN Server (as the ISP we hand off to) has not reported problems with their end so I have to presume at this point its client side. Thanks for the other idea's, I can and will try these. If these fail, im going ot PPPoE! Regards, Greg -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Thursday, 12 June 2003 12:16 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Server and Outbound VPN http://www.ISAserver.org Hi Greg, First suspect is always layer 1: routers, cables, ISPs issues -- too many people, including me, have VPN links stay up for hours or days without problems. So, as long as your server is up to date, I have to put ISA firewall related problems low on the list. Try using L2TP/IPSec -- there are rumors, and nothing more than rumors, that there's an issue with the control channel getting "stale", for want of a better term. I don't know if it's a TCP protocol issue, or something in the PPTP control command set. But sometimes changing to L2TP helps. Try switching from your high dollar Intel card with custom Intel drivers to a cheapo Realtek or Linksys that has built in Win2k drivers. A number of people have suggested that this has helped them too. Make sure that there are no Remote Access Policies involved that direct the servers or clients to drop the connection after "x" minutes of inactivity. Run a NetMon trace and catch the packets and see if anything interesting happens right before the disconnect. Since the disconnect happens so frequently, you won't have to wait long to get multiple examples. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Greg Wright [mailto:greg@xxxxxxxxxxxx] Sent: Wednesday, June 11, 2003 9:09 PM To: [ISAserver.org Discussion List] Subject: [isalist] ISA Server and Outbound VPN http://www.ISAserver.org Hi all, I havent been able to keep an eye on the mailing list for quite some time, and I know that in the past there has been some ISA VPN related posts. The reason I am posting this, is I have a customer that has a highly configured ISA system, with configuration for an outbounf VPN connection to their ISP for internet access, and then a couple more oubound vpn's connecting the office to a central office in the US. The internet VPN connection is constantly dropping and redialling its connection. While I was onsite, the VPN never stayed up longer than 5 minutes. Has anyone got any clues, recommendations or suggestions about issues relating to VPN calls, ISA quirks etc? I expect it will be just a matter of troubleshooting it, but I wondered if anyone could give me a heads up before I get onsite. Thanks, Greg ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: greg@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tiago@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: greg@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')