I have to ask - what is the gain of the additional overhead of the VPN between effectively local sites? How many users are typically engaged in this connectivity when it fails? From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steven Comeau Sent: Saturday, February 12, 2011 17:53 To: isalist@xxxxxxxxxxxxx Subject: [isalist] And speaking of VPN....strange behavior We have several sites connected via the VPN Site-To-Site Dial Up connection. We also allow certain users to VPN into two of our main site ISA 2006 servers (we use RADIUS, etc. to keep the ISA boxes off the domain). Because we've become PCI and HIPAA complaint, we moved from PPTP to L2TP/IPSec and all is working well with the Site-to-Site connections and the users VPNing in. However, we are experiencing an odd issue now. In our two main sites, which have 5 Networks (NICs) each (Public, Staff, Wireless, etc..) we keep the Staff network very secure, however, we do allow the Staff networks to fully communicate to each other between the sites. However, if a user from one of the non-Staff networks wishes to communicate to the Staff network, we force them to use VPN. Now, we know we can't get them to VPN "out" of the ISA server and back in again, so actually, we have them VPN into the "other" site and all was fine. However, since moving to L2TP/IPSec, we are experiencing connection issues - the VPN connection never fully completes - SOMETIMES for clients coming from the non-Staff networks. If they are at home, or anywhere else, VPN always works fine. Now, if I reboot the "outgoing" ISA, they can VPN in for a while, but after a while (varies with no apparent rhyme or reason), they can't connect in. Also, I've turned back on PPTP (however site-to-site is still L2TPIPSec), and a PPTP connection always works, but L2TP/IPSec will stop working after a while. Any ideas? Steve Comeau Associate Director of IT Rutgers Athletics 83 Rockafeller Road Piscataway, NJ 08854 732-445-7802 732-445-4623 (fax) <http://www.scarletknights.com> www.scarletknights.com Description: rutgers100px.gif Description: C:\Users\scomeau.SK\AppData\Roaming\Microsoft\Signatures\Steve21.jpg *** This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Rutgers University - DIA 83 Rockafeller Road Piscataway, NJ 08854 www.scarletknights.com ***