I'll take a look at the ISA 2004 VPN deployment kit. Meanwhile, is there a way for me to see on the ISA server if it thinks the VPN is established? (I know how to check it on the IPCop box, and it says the VPN is established.) Thanks, Rob _____ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, September 15, 2004 2:20 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: A different approach http://www.ISAserver.org Hi Rob, Is the VPN link being established? If so, have you created rules on the ISA firewall to allow traffic to the remote network and traffic from the remote network? Check out the ISA 2004 VPN deployment kit for examples of how to create these rules. HTH, Tom _____ From: Rob Moore [mailto:RMoore@xxxxxxxx] Sent: Wednesday, September 15, 2004 9:01 AM To: [ISAserver.org Discussion List] Subject: [isalist] A different approach http://www.ISAserver.org Good morning-- I hope you aren't tired of hearing from me yet! Since I've been having so much trouble getting consistent communication between my remote sites and the home office when using ISA 2004 (the remotes and home office have site-to-site VPNs using IPCop firewalls at either end), I've decided to take a whack at setting up site-to-site VPNs using remote IPCops and the ISA 2004 firewall in the home office as the endpoint. I've set up a test IPCop box and gotten the VPN established (at least according to IPCop the VPN is established). I followed the instructions in Microsoft's Configuring IPSec.doc at http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/sitetositeips ec.mspx <http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/sitetositeip sec.mspx> ). Of course, there's nothing in that doc about IPCop. But I'm not getting any traffic flow between the two sites. Any suggestions as to where I should look for the problem? Do I need a static route on the ISA server? (I tried setting one up but didn't know what the gateway should be.) Unfortunately, we can't afford 35 ISA servers for our remote sites. :-( Thanks, Rob ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rmoore@xxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx