RE: Issue on ISA-ISA gateway VPN with PIX in-between.
- From: "Bob Chestnutt" <chestnuttr@xxxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 21 May 2003 14:40:26 -0600
MessageDoes the PIX in question induce any network address translation???--as I
understand it L2TP doesn't work thru NAT.
----- Original Message -----
From: David V. Dellanno
To: [ISAserver.org Discussion List]
Sent: Wednesday, May 21, 2003 2:15 PM
Subject: [isalist] RE: Issue on ISA-ISA gateway VPN with PIX in-between.
http://www.ISAserver.org
I found this a couple days ago, I hope this will help
Deploying a Highly Available Site-to-Site VPN with Microsoft ISA Server and
Windows Server 2003
http://www.microsoft.com/Seminar/MMCFeed/MMCDisplay.asp?Lang=en&Product=103373
-----Original Message-----
From: Grefenp Berchmann C Sodusta [mailto:grefenp@xxxxxxxxxxx]
Sent: Wednesday, May 21, 2003 4:09 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Issue on ISA-ISA gateway VPN with PIX in-between.
http://www.ISAserver.org Hello All,
I'm setting up a gateway-gateway connection with a PIX firewall in-between.
Both ISA will establish a VPN connection.
RemoteLAN-------[ISA]------Internet------PIX515------[ISA]-------HeadOfficeLAN
Without the PIX firewall everything works perfectly, both PPTP and
L2TP/IPSec connections. When the PIX is there L2TP/IPSec gets an error "The
L2TP connection attempt failed because security policy for the connection was
not found.". I have opened all IP (UDP, TCP, GRE) ports and ICMP at the PIX,
still this error appears. Right now only PPTP works. I have run IPSECMON
command, if PIX is there no entries can be found in it, without the PIX,
L2TP/IPSec connects and an entry is there (IPSECMON). I have disabled filtering
of IP fragments on both ISA server. This error is also the same case as when a
Windows 2000 Pro tries to login to the HeadOfficeLAN using L2TP/IPSec, but
using a PPTP everythings ok.
I've been trying to solve this problem for a week now, ror, any information
is greatly appreciated.
Regards,
Grefenp
------------------------------------------------------ List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------ Exchange Server Resource
Site: http://www.msexchange.org/ Windows Security Resource Site:
http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com ------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ddellanno@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')
Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of the
intended recipient(s) and may contain confidential and privileged information.
Any unauthorized review, use, disclosure or distribution is prohibited. If you
are not the intended recipient, please contact the sender by reply e-mail and
destroy all copies of the original message.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
chestnuttr@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
