Answering Tom's question, No, the tunnel does not enable when a client behind the ISA server makes a request. Casey, I have been reading about the requirement of a Certificate server when building VPN tunnels with ISA. I have installed the Cert service on one of the ISA servers and issued a Cert to the Remote ISA server, still the tunnel dies on me, the setting is also set to persistent? I don't think that DHCP would cause this type of issue, it seems to be more of a authentication and validation problem? -----Original Message----- From: Friese, Casey [mailto:cfriese@xxxxxxxxxxxxx] Sent: Friday, February 28, 2003 3:05 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: PPTP & L2TP VPN Tunnels http://www.ISAserver.org I'm having the same issue with my production environment using only PPTP for the tunnels. Odd thing is that when the tunnel goes down - both ISA's and the clients behind them can still get out on the internet yet both ISA's report that the other's endpoint is unreachable and event log reports that there's no answer. I have both RRAS demand dial interfaces set to persistant. I passed the problem off as a DHCP issue because at the times the tunnel would go down I would see event logs on my dhcp servers talking about DHCP db cleanup taking place. I changed both tunnel endpoints to use a static IP but the problem still occured...*shurg* -casey -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Friday, February 28, 2003 2:58 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: PPTP & L2TP VPN Tunnels http://www.ISAserver.org Hi Glenn, Does the tunnel reconnect if a client behind the ISA Server makes a request? Thanks! Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA Server and Beyond: http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1> Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> -----Original Message----- From: Glenn Maks [mailto:gmaks@xxxxxxxxx] Sent: Friday, February 28, 2003 1:37 PM To: [ISAserver.org Discussion List] Subject: [isalist] PPTP & L2TP VPN Tunnels http://www.ISAserver.org Am I missing something here, I must be, I have 2 ISA servers that I have setup for a test environment, currently I am working with VPN tunnels, both PPTP and L2TP, my problem is this, after establishing a tunnel, either PPTP or L2TP after short period of time the tunnel disconnects and no mater what I do I can not reestablish the link. Both of these ISA servers were built as standalone integrated web cache, firewall and proxy. I did install the Certificate service on one of the ISA servers, keeping in mind this is only to evaluate the ISA platform. My remote ISA server that ran Remote VPN wizard and read the config file also requested and installed a Cert from the Cert server? There must be a way to build either a PPTP or L2TP tunnel and have it enabled and always connected. What am I missing here? Thank you Glenn ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cfriese@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmaks@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')