RE: L2TP with IPSec Tunnels

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 12 Mar 2003 08:43:35 -0600

Hi Glenn,
 
The number of L2TP/IPsec tunnels (gateway to gateway and VPN Server) is
TNTC (TNTC is a term we used in urinalysis: "too numerous to count").
 
You don't need to create an IPSec policy.
 
http://support.microsoft.com/?kbid=248750
 
HTH,
Tom
 
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 
 

        -----Original Message-----
        From: Glenn Maks [mailto:gmaks@xxxxxxxxx] 
        Sent: Wednesday, March 12, 2003 7:32 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] L2TP with IPSec Tunnels
        Importance: High
        
        
        
        
        Another L2TP tunnel question that I would like to post for
        feedback. The last few weeks I have been evaluating ISA and RRAS
        service on the topic of VPN tunnels. It seems straightforward and
        easy to establish a PPTP tunnel, but L2TP seems a bit more
        challenging. The prerequisites and requirements are in place, I
        have successfully issued the correct Machine Certificate, but the
        calling server times out, or at least it seems. Using diagnostic
        tools like policy auditing and Netdiag I can see that everything
        seems to be in order, but the tunnel just won't connect.
        Interestingly enough, when I use IPSec Security Monitor I see
        virtually no activity? In addition, I noticed that even though the
        IPSec security policy is defined, "Secure Server", I still have to
        manually enable it? I thought perhaps the ISA tunnel wizards would
        do this? The event that is logged is as follows:

        "A demand dial connection on the remote interface was
        successfully initiated but failed to complete successfully because
        of the following, The L2TP connection attempted failed because of
        security negotiation timed out". The actual event code is 20111.

        Has anyone successfully established an L2TP tunnel using
        Microsoft RRAS and the ISA tunnel wizards? I welcome any feedback
        and suggestions.
         
        Thank you all for your valued input
         
        Glenn
         
         