[isalist] Re: And speaking of VPN....strange behavior

  • From: Jim Harrison <jim@xxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 14 Feb 2011 09:04:07 -0800

I have to ask - what is the gain of the additional overhead of the VPN
between effectively local sites?

How many users are typically engaged in this connectivity when it fails?

 

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Steven Comeau
Sent: Saturday, February 12, 2011 17:53
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] And speaking of VPN....strange behavior

 

We have several sites connected via the VPN Site-To-Site Dial Up connection.
We also allow certain users to VPN into two of our main site ISA 2006
servers (we use RADIUS, etc. to keep the ISA boxes off the domain).  Because
we've become PCI and HIPAA compliant, we moved from PPTP to L2TP/IPSec and
all is working well with the Site-to-Site connections and the users VPNing
in.  However, we are experiencing an odd issue now.

 

In our two main sites, which have 5 Networks (NICs) each (Public, Staff,
Wireless, etc..) we keep the Staff network very secure, however, we do allow
the Staff networks to fully communicate to each other between the sites.
However, if a user from one of the non-Staff networks wishes to communicate
to the Staff network, we force them to use VPN.  Now, we know we can't get
them to VPN "out" of the ISA server and back in again, so actually, we have
them VPN into the "other" site and all was fine.  However, since moving to
L2TP/IPSec, we are experiencing connection issues - the VPN connection never
fully completes - SOMETIMES for clients coming from the non-Staff networks.
If they are at home, or anywhere else, VPN always works fine.  Now, if I
reboot the "outgoing" ISA, they can VPN in for a while, but after a while
(varies with no apparent rhyme or reason), they can't connect in.  Also,
I've turned back on PPTP (however site-to-site is still L2TP/IPSec), and a
PPTP connection always works, but L2TP/IPSec will stop working after a
while.

 

Any ideas?

 



Steve Comeau

Associate Director of IT  Rutgers Athletics

83 Rockafeller Road

Piscataway, NJ  08854

732-445-7802

732-445-4623 (fax)

<http://www.scarletknights.com>

