RE: ISA VPN Stops working

  • From: Glenn Maks <gmaks@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 28 Feb 2003 08:17:53 -0500

Good Morning Thomas, The RRAS on both ends established a connection, I was
able to ping nodes that live on the defined address space on both ends, I
walked away for a while to another service call, when I returned and
attempted to ping the same nodes on both ends, it failed. I then looked at
the RRAS and in the definition it stated that the tunnel was disconnected, I
used the manual connect option and still the tunnel refused to reestablish
connection. I know the CERT server can go any where, but is a CERT server
necessary to build a tunnel? and how do I make my tunnels always available?
They will need to have a constant active connection.
 
Thank you
   Glenn
 
 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Thursday, February 27, 2003 8:30 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA VPN Stops working


http://www.ISAserver.org


Hi Glenn,
 
When you say it stopped working, do you mean that you're able to connect,
but the tunnel dies, or that you're not even able to connect?
 
How many addresses do you have bound to the external interface? Which of
these are you using as the tunnel endpoint?
 
Each machine needs a certificate that the other trusts, but a cert server
certainly doesn't need to be installed on either machine, or even on the
network.
 
Make sure that fragment filtering is disabled.
 
HTH,
Tom

Thomas W Shinder 
www.isaserver.org/shinder <http://www.isaserver.org/shinder>  
ISA Server and Beyond: http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1>  
Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp>  

-----Original Message-----
From: Glenn Maks [mailto:gmaks@xxxxxxxxx] 
Sent: Thursday, February 27, 2003 4:13 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA VPN Stops working


http://www.ISAserver.org


In the process of evaluating ISA as a firewall I noticed that my L2TP tunnel
that was working between the two test servers suddenly stopped working, I am
beginning to think that a certificate server is required to maintain this
tunnel. I did however make one modification in RRAS, I set the connection
state to persistent on both ends. Could anyone tell me if a Cert server is
absolutely necessary
for tunnels to work when created between two or more ISA servers.
 
Thank you
  Glenn
 
 
 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmaks@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

Other related posts: