Re: VPN Connections dropping

  • From: "Steve Moffat" <steve@xxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 11 Feb 2003 19:21:27 -0400

Now there's a thing: after a couple of months scratching my head over 
site-to-site VPNs, I finally understood last night how to do it.


Here's a snippet from the doc I found

There are numerous important components to defining these site-to-site links.  
It is imperative to recognize that only one of the VPN peers initiates the VPN 
connection.  The remote VPN peer simply recognizes the connection, and 
initiates the appropriate initialization of the local interface when the peer 
supplies a username (under login credentials) that matches the name of the 
local interface.

ACTIVE VPN:
 
            Router Name:  SEA_to_ORD
            Remote IP Address: 205.178.180.125
            Dial-Out Credentials (Username): SEA_to_ORD
            Dial-Out Credentials (Password): <anything - preferably complex>
            Dial-Out Credentials (Domain): SEATTLEVPN
            Dial-In Credentials: <blank!>
 
During the creation of the interface, Windows 2000 will prompt for dial-in 
credentials.  Since this interface is the active dialer, these credentials are 
not needed.  Instead, dial-out credentials should be specified.  Once this 
interface is configured, select the properties of the interface.  Change the 
type of interface to persistent, and set the redial attempts to 10000.


PASSIVE VPN:
 
            Router Name:  SEA_to_ORD
            Remote IP Address: <blank!>
            Dial-In Credentials (Username): SEA_to_ORD
            Dial-Out Credentials (Domain): <blank!> (enter anything at this 
point, because you won't finish the wizard until you do. Then right-click the 
connector, select credentials and clear them.)
 
During the creation of this passive interface, dial-in credentials must be 
established.  This may be performed by selecting the "add account so remote 
router can dial in" option during configuration.  After the interface is 
configured, select the properties of the interface. Change the interface to 
demand-dial, and set the disconnection time to never.
 
When the ACTIVE VPN is initialized, a connection to the remote VPN is 
established.  Upon connection, the dial-out credentials are presented to the 
remote machine.  Upon receiving the credentials, the PASSIVE VPN recognizes 
that the name of the local RRAS interface matches the username of the 
credentials. Thus, it immediately associates the VPN interface to the 
connection - and routes packets appropriately.


Add static routes at both ends, or use RIP.

Cheers

Steve
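
The matching rule described in the quoted document, modelled as a configuration check. This is an added example, not part of the original post or the quoted document; the class, field and function names are this example's own, and exact string matching of username to interface name is an assumption.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Interface:
    """One end of the link. Field names are this example's own, not RRAS's."""
    name: str                     # "Router Name" of the demand-dial interface
    remote_ip: Optional[str]      # peer address; only the active end dials
    dial_out_user: Optional[str]  # username presented to the peer
    dial_in_user: Optional[str]   # local account the peer authenticates as
    persistent: bool              # True = persistent, False = demand-dial


def bind_incoming(local: List[Interface], username: str) -> Optional[str]:
    """Passive side: associate the call with the interface named like the user.
    Exact string comparison is an assumption of this model."""
    return next((i.name for i in local if i.name == username), None)


def check_pair(active: Interface, passive: Interface) -> List[str]:
    """Return the ways a pair deviates from the layout in the quoted document."""
    problems = []
    if not active.remote_ip:
        problems.append("active end has no remote IP address to dial")
    if bind_incoming([passive], active.dial_out_user or "") is None:
        problems.append("dial-out username does not match the passive interface name")
    if passive.dial_in_user != passive.name:
        problems.append("passive dial-in account is not named after the interface")
    if active.dial_in_user:
        problems.append("active end has dial-in credentials it does not need")
    if passive.remote_ip or passive.dial_out_user:
        problems.append("passive end still has dial-out settings; clear them")
    if not active.persistent:
        problems.append("active interface should be persistent")
    if passive.persistent:
        problems.append("passive interface should be demand-dial")
    return problems


# Values from the post; the mismatched pair below is constructed for illustration.
ACTIVE = Interface("SEA_to_ORD", "205.178.180.125", "SEA_to_ORD", None, True)
PASSIVE = Interface("SEA_to_ORD", None, None, "SEA_to_ORD", False)
WRONG_NAME = Interface("SEA_to_ORD", "205.178.180.125", "ORD_to_SEA", None, True)

if __name__ == "__main__":
    print(check_pair(ACTIVE, PASSIVE))      # consistent pair
    print(check_pair(WRONG_NAME, PASSIVE))  # username/interface mismatch
```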


From: Greg Foulks
Sent: Tue 11/02/2003 04:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: VPN Connections dropping
 

http://www.ISAserver.org


Do you have QoS enabled?

greg

----- Original Message -----
From: <hiramacl@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, February 11, 2003 3:27 PM
Subject: [isalist] VPN Connections dropping


> We are trying to setup a remote office for VPN access.  We have the test
> environment set with two Win2k clients connecting to a primary firewall
> that nats the PPTP traffic to ISA.  One client drops the connection
> shortly after the second client authenticates to the network.
>
> Any ideas?
>
> Thanks!
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as: greg.foulks@xxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>

