Hi Rob, Opps! My bad. I was thinking of PPTP/L2TP/IPSec, not IPSec tunnel mode. You can use the RRAS console for both PPTP and L2TP/IPSec to determine whether its a remote access VPN client or VPN gateway connection, but you can't do that, and you don't need to do that (most of the time) with IPSec tunnel mode. Does the IPSec console on the Windows gateway show the correct IP addresses in the routes to the remote network? Thanks! Tom ________________________________ From: Rob Moore [mailto:RMoore@xxxxxxxx] Sent: Wednesday, September 15, 2004 1:31 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: A different approach http://www.ISAserver.org I'll take a look at the ISA 2004 VPN deployment kit. Meanwhile, is there a way for me to see on the ISA server if it thinks the VPN is established? (I know how to check it on the IPCop box, and it says the VPN is established.) Thanks, Rob ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, September 15, 2004 2:20 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: A different approach http://www.ISAserver.org Hi Rob, Is the VPN link being established? If so, have you created rules on the ISA firewall to allow traffic to the remote network and traffic from the remote network? Check out the ISA 2004 VPN deployment kit for examples of how to create these rules. HTH, Tom ________________________________ From: Rob Moore [mailto:RMoore@xxxxxxxx] Sent: Wednesday, September 15, 2004 9:01 AM To: [ISAserver.org Discussion List] Subject: [isalist] A different approach http://www.ISAserver.org Good morning-- I hope you aren't tired of hearing from me yet! Since I've been having so much trouble getting consistent communication between my remote sites and the home office when using ISA 2004 (the remotes and home office have site-to-site VPNs using IPCop firewalls at either end), I've decided to take a whack at setting up site-to-site VPNs using remote IPCops and the ISA 2004 firewall in the home office as the endpoint. I've set up a test IPCop box and gotten the VPN established (at least according to IPCop the VPN is established). I followed the instructions in Microsoft's Configuring IPSec.doc at http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/sitetositeips ec.mspx <http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/sitetositeip sec.mspx> ). Of course, there's nothing in that doc about IPCop. But I'm not getting any traffic flow between the two sites. Any suggestions as to where I should look for the problem? Do I need a static route on the ISA server? (I tried setting one up but didn't know what the gateway should be.) Unfortunately, we can't afford 35 ISA servers for our remote sites. :-( Thanks, Rob ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rmoore@xxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx