Hi Tim,

You're not nuts. I've heard this one before. But being even more aged than you, I can't recall if there was a fix, or what the issue was. PMTU might be an issue, but I'm not sure.

Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

-----Original Message-----
From: Deus, Attonbitus [mailto:Thor@xxxxxxxxxxxxxxx]
Sent: Thursday, September 18, 2003 12:38 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Sanity Check

http://www.ISAserver.org

Greetings all. Let me start by saying "Arrg."

I would like to submit an issue I am having to the group for a sanity check. I've done about a million point-to-point VPN setups with ISA on Win2k without issues. However, in a new 2003 Server (with all SPs for the OS and ISA) install, setting up point-to-point (remote/local) ISA VPN servers has been an issue.

Basically, the VPNs connect just fine; clients on both sides can ping, telnet to any given port, etc., but they can't authenticate to resources on either side. What is interesting is that the ISA/VPN boxes themselves can. It's your basic, flat setup:

    Network A -> ISA-A --- Internet --- ISA-B -> Network B

From ISA-A, I can immediately pull up resources on ISA-B, and any resources on Network B. From ISA-B, I can immediately pull up resources on ISA-A, and any resources on Network A.

Clients on Network A can ping, and as I said, telnet to open ports on resources on Network B - same from clients on Network B. But, if from Network A, you try to pull up something that requires authentication (like a share) on Network B, it fails with a "semaphore timed out" error after a few minutes. Same from Network B.

In my ISA logs on both ISA-A and ISA-B, I show all kinds of requests from Network B to Network A and Network A to Network B being filtered out as "malformed."

TechNet searches did not turn up anything. WTF? Have I gone mad? What am I forgetting?
I have looked and there is no checkbox for "randomly malform packets and prevent authentication." Can anyone help this aged computer dude?

t