Tom, you make mention of the Demand Redial feature, What I need is a constant 24x7 connection, I have worked with VPN tunnels before with other 3rd party applications and I guess this is a case of learning how Microsoft designed the RRAS and VPN, but the VPN tunnels I have created are permanent until torn down, they are not wake on demand type tunnels and if the PPTP and L2TP tunnels that rely on Microsoft RRAS work that way I guess I will have to reconsider using ISA as a corporate Firewall. Any other ideas Tom? -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Friday, February 28, 2003 3:05 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA VPN Stops working http://www.ISAserver.org Hi Glenn, You'll need to tell the demand dial interface to redial, just in case it isn't already configured that way. HTH, Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA Server and Beyond: http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1> Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> -----Original Message----- From: Glenn Maks [mailto:gmaks@xxxxxxxxx] Sent: Friday, February 28, 2003 7:18 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA VPN Stops working http://www.ISAserver.org Good Morning Thomas, The RRAS on both ends established a connection, I was able to ping nodes that live on the defined address space on both ends, I walked away for a while to another service call, when I returned and attempted to ping the same nodes on both ends, it failed. I then looked at the RRAS and in the definition it stated that the tunnel was disconnected, I used the manual connect option and still the tunnel refused to reestablish connection. I know the CERT server can go any where, but is a CERT server necessary to build a tunnel? and how do I make my tunnels always available? They will need to have a constant active connection. Thank you Glenn -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Thursday, February 27, 2003 8:30 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA VPN Stops working http://www.ISAserver.org Hi Glenn, When you say it stopped working, do you mean that you're able to connect, but the tunnel dies, or that you're not even able to connect? How many addresses do you have bound to the external interface? Which of these are you using as the tunnel endpoint? Each machine needs a certificate that the other trusts, but a cert server certainly doesn't need to be installed on either machine, or even on the network. Make sure that fragment filtering is disabled. HTH, Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA Server and Beyond: http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1> Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> -----Original Message----- From: Glenn Maks [mailto:gmaks@xxxxxxxxx] Sent: Thursday, February 27, 2003 4:13 PM To: [ISAserver.org Discussion List] Subject: [isalist] ISA VPN Stops working http://www.ISAserver.org In the process of evaluating ISA as a firewall I noticed that my L2TP tunnel that was working between the two test servers suddenly stopped working, I am beginning to think that a certificate server is required to maintain this tunnel. I did however make one modification in RRAS, I set the connection state to persistent on both ends. Could anyone tell me if a Cert server is absolutely necessary for tunnels to work when created between two or more ISA servers. Thank you Glenn ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmaks@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmaks@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')