Hi Glenn, How many IP addresses are bound to the external interface? Is fragment filtering disabled? Have you confimed that the machine has a machine certificate? If so, how did you carry out the confirmation procedure? Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Glenn Maks [mailto:gmaks@xxxxxxxxx] Sent: Wednesday, March 05, 2003 7:38 AM To: [ISAserver.org Discussion List] Subject: [isalist] VPN Progress - One Question Importance: High http://www.ISAserver.org In the process of evaluating ISA I built 2 test servers to look at the VPN support ISA offers with RRAS as the underlying service. I successfully created a PPTP tunnel between them which allowed me to request and install a Certificate on both ISA servers from a internal private Cert server, this all went well. I then defined a L2TP tunnel using the Local and Remote wizards and definition file it created, verified the setting in RRAS and it all looks good, watching the RRAS service I can see a connection attempt but I get this error from the Remote ISA server. Error Message: An Error occurred during the connection of the Interface. The L2TP connection attempt failed because security negotiation timed out. I searched every where but found nothing that would help understand this error. Apologies for posting what seems to be one VPN question after another, but I have received valuable assistance from helpful individuals in this discussion forum and I do appreciate all the positive input. Thank you very much Glenn ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')