Hi Glenn, The number of L2TP/IPsec tunnels (gateway to gateway and VPN Server) are TNTC (TNTC is a term we used in urinalysis "too numerous to count"). You don't need to create an IPSec policy. http://support.microsoft.com/?kbid=248750 HTH, Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA Server and Beyond: http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1> Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> -----Original Message----- From: Glenn Maks [mailto:gmaks@xxxxxxxxx] Sent: Wednesday, March 12, 2003 7:32 AM To: [ISAserver.org Discussion List] Subject: [isalist] L2TP with IPSec Tunnels Importance: High http://www.ISAserver.org Another L2TP tunnel question that I would like to post for feedback. The last few weeks I have been evaluating ISA and RRAS service on the topic of VPN tunnels, it seems straight forward and easy to establish a PPTP tunnel but L2TP seems a bit more changeling. The perquisites and requirements are in place, I have successfully issued the correct Machine Certificate but the calling server times out or at least it seems. Using diagnostics tools like policy auditing and Netdiag I can see that everything seems to be in order, but the tunnel just wont connect.Interesting enough when I use IPSec Security Monitor I see virtually no activity? in addition, I noticed that even though the IPSec security policy is defined, "Secure Server" I still have to manually enable it? I thought perhaps the ISA tunnel wizards would do this? The event that is logged is as follows: "A demand dial connection on the remote interface was successfully initiated but failed to complete successfully because of the following, The L2TP connection attempted failed because of security negotiation timed out" the actual event code is 20111" Has anyone successfully established a L2TP tunnel using Microsoft RRAS and the ISA tunnel wizards? I welcome any feedback and suggestions. Thank you all for your valued input Glenn ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')