Only one end should be persistent, on end should be passive without any dial out credentials and set to never hang up. Steve -----Original Message----- From: JB Fields [mailto:jbfields@xxxxxxx] Sent: Thursday, February 27, 2003 10:36 PM To: Isa List Subject: [isalist] RE: ISA VPN Stops working http://www.ISAserver.org The only thing that comes to my mind is that they may be set to check certificates for revocation, in which case they *might* fail if the revocation list is not available at the Certificate Authority. I've not seen this or read that this happens, I'm just guessing. -- J Burford Fields of JB Fields & Associates, LLC MCSE, MCT, MCP+I, A+, Network+, CTT+ jbfields@xxxxxxx www.jbfields3.com "So, everything in the world is a metaphor for something else?"--El Postino -----Original Message----- From: Glenn Maks [mailto:gmaks@xxxxxxxxx] Sent: Thursday, February 27, 2003 5:13 PM To: [ISAserver.org Discussion List] Subject: [isalist] ISA VPN Stops working http://www.ISAserver.org In the process of evaluating ISA as a firewall I noticed that my L2TP tunnel that was working between the two test servers suddenly stopped working, I am beginning to think that a certificate server is required to maintain this tunnel. I did however make one modification in RRAS, I set the connection state to persistent on both ends. Could anyone tell me if a Cert server is absolutely necessary for tunnels to work when created between two or more ISA servers. Thank you Glenn ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jbfields@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: steve@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') This E-Mail is confidential. It is not intended to be read, copied, disclosed or used by any person other than isalist@xxxxxxxxxxxxxx Unauthorised use, disclosure, or copying is strictly prohibited and may be unlawful. Optimum Computer Solutions disclaims any liability for any action taken in connection of this E-Mail. The comments or statements expressed in this E-Mail are not necessarily those of Optimum Computer Solutions or its subsidiaries or affiliates. usermanager@xxxxxxxxxxxxxxx