Fair enough, and I do believe you, Tom. I can see the three policies available using the IPSec snap-in. According to what I read, the documentation suggests using the "Server Security" policy. I have two questions. First, do I need to ENABLE this policy, or is it used automatically behind the scenes? Second, could you provide any input as to the nature of the event error that is logged and that I am receiving, event 20111, which states that the negotiation timed out when the calling server attempts a connect? I see no activity when I use the IPSec Monitor? I know I must be close to getting this to work, but I need to resolve this last remaining issue that seems to prevent a successful connection.

Thank you hugely for all your advice and assistance, Tom. For what it is worth, you have proven to be an invaluable resource.

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Wednesday, March 12, 2003 9:44 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: L2TP with IPSec Tunnels

http://www.ISAserver.org

Hi Glenn,

The number of L2TP/IPsec tunnels (gateway to gateway and VPN Server) are TNTC (TNTC is a term we used in urinalysis: "too numerous to count"). You don't need to create an IPSec policy.

http://support.microsoft.com/?kbid=248750

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

-----Original Message-----
From: Glenn Maks [mailto:gmaks@xxxxxxxxx]
Sent: Wednesday, March 12, 2003 7:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] L2TP with IPSec Tunnels
Importance: High

Another L2TP tunnel question that I would like to post for feedback.
The last few weeks I have been evaluating ISA and the RRAS service on the topic of VPN tunnels. It seems straightforward and easy to establish a PPTP tunnel, but L2TP seems a bit more challenging. The prerequisites and requirements are in place, and I have successfully issued the correct Machine Certificate, but the calling server times out, or at least it seems to. Using diagnostic tools like policy auditing and Netdiag I can see that everything seems to be in order, but the tunnel just won't connect.

Interestingly enough, when I use IPSec Security Monitor I see virtually no activity? In addition, I noticed that even though the IPSec security policy is defined, "Secure Server", I still have to manually enable it? I thought perhaps the ISA tunnel wizards would do this?

The event that is logged is as follows: "A demand dial connection on the remote interface was successfully initiated but failed to complete successfully because of the following, The L2TP connection attempted failed because of security negotiation timed out". The actual event code is 20111.

Has anyone successfully established an L2TP tunnel using Microsoft RRAS and the ISA tunnel wizards? I welcome any feedback and suggestions.
Thank you all for your valued input,
Glenn

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')