I found this a couple days ago, I hope this will help Deploying a Highly Available Site-to-Site VPN with Microsoft ISA Server and Windows Server 2003 <javascript:ToggleDisplay(div600032, img600032);> http://www.microsoft.com/Seminar/MMCFeed/MMCDisplay.asp?Lang=en&Product= 103373 -----Original Message----- From: Grefenp Berchmann C Sodusta [mailto:grefenp@xxxxxxxxxxx] Sent: Wednesday, May 21, 2003 4:09 PM To: [ISAserver.org Discussion List] Subject: [isalist] Issue on ISA-ISA gateway VPN with PIX in-between. http://www.ISAserver.org Hello All, I'm setting up a gateway-gateway connection with a PIX firewall in-between. Both ISA will establish a VPN connection. RemoteLAN-------[ISA]------Internet------PIX515------[ISA]-------HeadOff iceLAN Without the PIX firewall everything works perfectly, both PPTP and L2TP/IPSec connections. When the PIX is there L2TP/IPSec gets an error "The L2TP connection attempt failed because security policy for the connection was not found.". I have opened all IP (UDP, TCP, GRE) ports and ICMP at the PIX, still this error appears. Right now only PPTP works. I have run IPSECMON command, if PIX is there no entries can be found in it, without the PIX, L2TP/IPSec connects and an entry is there (IPSECMON). I have disabled filtering of IP fragments on both ISA server. This error is also the same case as when a Windows 2000 Pro tries to login to the HeadOfficeLAN using L2TP/IPSec, but using a PPTP everythings ok. I've been trying to solve this problem for a week now, ror, any information is greatly appreciated. Regards, Grefenp ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ddellanno@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.