RE: Issue on ISA-ISA gateway VPN with PIX in-between.
- From: "David V. Dellanno" <ddellanno@xxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 21 May 2003 16:15:08 -0400
I found this a couple days ago, I hope this will help
Deploying a Highly Available Site-to-Site VPN with Microsoft ISA Server
and Windows Server 2003 <javascript:ToggleDisplay(div600032,
img600032);>
http://www.microsoft.com/Seminar/MMCFeed/MMCDisplay.asp?Lang=en&Product=
103373
-----Original Message-----
From: Grefenp Berchmann C Sodusta [mailto:grefenp@xxxxxxxxxxx]
Sent: Wednesday, May 21, 2003 4:09 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Issue on ISA-ISA gateway VPN with PIX
in-between.
http://www.ISAserver.org Hello All,
I'm setting up a gateway-gateway connection with a PIX firewall
in-between. Both ISA will establish a VPN connection.
RemoteLAN-------[ISA]------Internet------PIX515------[ISA]-------HeadOff
iceLAN
Without the PIX firewall everything works perfectly, both PPTP
and L2TP/IPSec connections. When the PIX is there L2TP/IPSec gets an
error "The L2TP connection attempt failed because security policy for
the connection was not found.". I have opened all IP (UDP, TCP, GRE)
ports and ICMP at the PIX, still this error appears. Right now only PPTP
works. I have run IPSECMON command, if PIX is there no entries can be
found in it, without the PIX, L2TP/IPSec connects and an entry is there
(IPSECMON). I have disabled filtering of IP fragments on both ISA
server. This error is also the same case as when a Windows 2000 Pro
tries to login to the HeadOfficeLAN using L2TP/IPSec, but using a PPTP
everythings ok.
I've been trying to solve this problem for a week now, ror, any
information is greatly appreciated.
Regards,
Grefenp
------------------------------------------------------ List
Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server
Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server
FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------ Exchange Server
Resource Site: http://www.msexchange.org/ Windows Security Resource
Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------ You are currently
subscribed to this ISAserver.org Discussion List as:
ddellanno@xxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of the
intended recipient(s) and may contain confidential and privileged information.
Any unauthorized review, use, disclosure or distribution is prohibited. If you
are not the intended recipient, please contact the sender by reply e-mail and
destroy all copies of the original message.
Other related posts:
