This might be a stab in the dark but I'd say it has to do with the specified main mode policy not being found. Okay kidding apart, what is the IPCOP box using to establish IPSEC connections? Kernel mode Racoon/IKE IPSEC or something like OpenSWAN? (And can those even *talk* to ISA?) -----Message d'origine----- De : Danny [mailto:nocmonkey@xxxxxxxxx] Envoyé : 15 février 2006 12:03 À : [ISAserver.org Discussion List] Objet : [isalist] IPCop site to site VPN with ISA 2004 http://www.ISAserver.org Hello, My goal is to setup a site to site VPN (attempting IPSec) between IPCop and Microsoft's ISA 2004. I am not having any luck. Has anyone accomplished this goal? The admin at the IPCop site has setup: 1) The same PSK 2) IP address of ISA server external (public) IP 3) The remote network 10.1.5.0/255.255.255.0 4) 3DES MD5 encryption On the ISA server: 1) Site to Site IPSec VPN profile 2) The IP address of IPCop external (public) IP 3) The remote network 10.200.0.0/255.255.0.0 and external IPCop IP 4) 3DES MD5 encryption 5) Tried a Route and NAT configuration for Network Rules for remote network The errors on the ISA server: Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 547 Date: 2/15/2006 Time: 11:43:07 AM User: NT AUTHORITY\NETWORK SERVICE Computer: SRV01 Description: IKE security association negotiation failed. Mode: Key Exchange Mode (Main Mode) Filter: Source IP Address 100.100.100.100 Source IP Address Mask 255.255.255.255 Destination IP Address 200.200.200.200 Destination IP Address Mask 255.255.255.255 Protocol 0 Source Port 0 Destination Port 0 IKE Local Addr 100.100.100.100 IKE Peer Addr 200.200.200.200 IKE Source Port 500 IKE Destination Port 500 Peer Private Addr Peer Identity: Failure Point: Me Failure Reason: The specified main mode policy was not found. Extra Status: Sent first (SA) payload Initiator. Delta Time 0 0x0 0x0 ---------------------------------------------------------------------------- --------------------------------------- Event Type: Error Event Source: Microsoft Firewall Event Category: None Event ID: 21197 Date: 2/15/2006 Time: 11:37:16 AM User: N/A Computer: SRV01 Description: ISA Server cannot locate a route to the ABC remote site. As a result, a connection cannot be established. To establish the IPSec site-to-site connection, you must update the routing table. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. I do not yet have the errors (if there are any) from the IPCop side. When I try to ping from the ISA server, the replies first say timed out and from there on: Negotiating IP Security. Any suggestions? Thanks, ...D ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gauthiera@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx