Now there's a thing, after a couple of months scratching my head over site to site VPN's, I finally understood last night how to do it. Here's a snippit from the doc I found There are numerous important components to defining these site-to-site links. It is imperative to recognize that only one of the VPN peers initiates the VPN connection. The remote VPN peer simply recognizes the connection, and initiates the appropriate initialization of the local interface when the peer supplies a username (under login credentials) that matches the name of the local interface. ACTIVE VPN: Router Name: SEA_to_ORD Remote IP Address: 205.178.180.125 Dial-Out Credentials (Username): SEA_to_ORD Dial-Out Credentials (Password): <anything - preferably complex> Dial-Out Credentials (Domain): SEATTLEVPN Dial-In Credentials: <blank!> During the creation of the interface, Windows 2000 will prompt for dial-in credentials. Since this interface is the active dialer, these credentials are not needed. Instead, dial-out credentials should be specified. Once this interface is configured, select the properties of the interface. Change the type of interface to persistent, and set the redial attempts to 10000. PASSIVE VPN: Router Name: SEA_to_ORD Remote IP Address: <blank!> Dial-In Credentials (Username): SEA_to_ORD Dial-Out Credentials (Domain): <blank!> ( enter anything at this point, because you won't finish the wizard until you do. Then right click the connector and select credentials and clear them. During the creation of this passive interface, dial-in credentials must be established. This may be performed by selecting the add account so remote router can dial in option during configuration. After the interface is configured, select the properties of the interface. Change the interface to demand-dial, and set the disconnection time to never. When the ACTIVE VPN is initialized, a connection to the remote VPN is established. Upon connection, the dial-out credentials are presented to the remote machine. Upon receiving the credentials, the PASSIVE VPN recognizes that the name of the local RRAS interface matches the username of the credentials. Thus, it immediately associates the VPN interface to the connection - and routes packets appropriately. Add static routes at both ends, or use rip. Cheers Steve From:Greg Foulks Sent:Tue 11/02/2003 04:33 PM To:[ISAserver.org Discussion List] Subject:[isalist] Re: VPN Connections dropping http://www.ISAserver.org Do you have QoS enabled? greg ----- Original Message ----- From: <hiramacl@xxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, February 11, 2003 3:27 PM Subject: [isalist] VPN Connections dropping > http://www.ISAserver.org > > > We are trying to setup a remote office for VPN access. We have the test > environment set with two Win2k clients connecting to a primary firewall > that nats the PPTP traffic to ISA. One client drops the connection > shortly after the second client authenticates to the network. > > Any ideas? > > Thanks! > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: greg.foulks@xxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: steve@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') This E-Mail is confidential. It is not intended to be read, copied, disclosed or used by any person other than isalist@xxxxxxxxxxxxxx Unauthorised use, disclosure, or copying is strictly prohibited and may be unlawful. Optimum Computer Solutions disclaims any liability for any action taken in connection of this E-Mail. The comments or statements expressed in this E-Mail are not necessarily those of Optimum Computer Solutions or its subsidiaries or affiliates. usermanager@xxxxxxxxxxxxxxx