RE: L2TP with IPSec Tunnels

  • From: Glenn Maks <gmaks@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 12 Mar 2003 10:14:32 -0500

Fair enough, and I do believe you, Tom. I can see the three policies available
using the IPSec snap-in. According to what I read, the documentation
suggests using the "Server Security" policy. I have two questions. First, do I
need to ENABLE this policy, or is it used automatically behind the scenes?
Second, could you provide any input as to the nature of the event error that
is logged and that I am receiving, event 20111, which states that the
negotiation timed out when the calling server attempts to connect? I see no
activity when I use the IPSec Monitor. I know I must be close to getting this
to work, but I need to resolve this last remaining issue that seems to prevent
a successful connection.
 
Thank you hugely for all your advice and assistance, Tom. For what it is
worth, you have proven to be an invaluable resource.

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, March 12, 2003 9:44 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: L2TP with IPSec Tunnels


http://www.ISAserver.org


Hi Glenn,
 
The number of L2TP/IPsec tunnels (gateway to gateway and VPN Server) is
TNTC (TNTC is a term we used in urinalysis: "too numerous to count").
 
You don't need to create an IPSec policy.
 
http://support.microsoft.com/?kbid=248750
 
HTH,
Tom
 
Thomas W Shinder
http://www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

-----Original Message-----
From: Glenn Maks [mailto:gmaks@xxxxxxxxx] 
Sent: Wednesday, March 12, 2003 7:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] L2TP with IPSec Tunnels
Importance: High


Another L2TP tunnel question that I would like to post for feedback. The
last few weeks I have been evaluating ISA and the RRAS service
on the topic of VPN tunnels. It seems straightforward and easy to establish
a PPTP tunnel, but L2TP seems a bit more challenging.
The prerequisites and requirements are in place, and I have successfully issued
the correct Machine Certificate, but the calling server times out,
or at least it seems to. Using diagnostic tools like policy auditing and
Netdiag, I can see that everything seems to be in order, but the tunnel just
won't connect. Interestingly enough, when I use IPSec Security Monitor I see
virtually no activity. In addition, I noticed that even though the IPSec
security policy is defined ("Secure Server"), I still have to manually enable
it. I thought perhaps the ISA tunnel wizards would do this? The event that
is logged is as follows:
"A demand dial connection on the remote interface was successfully initiated
but failed to complete successfully because of the following,
The L2TP connection attempted failed because of security negotiation timed
out". The actual event code is 20111.
Has anyone successfully established an L2TP tunnel using Microsoft RRAS and
the ISA tunnel wizards? I welcome any feedback and suggestions.
 
Thank you all for your valued input
 
Glenn
 
 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 
