Hey Thomas (and List), I am using strictly PPTP for pure simplicity reasons. After playing around more this evening, here is what I came up with (and Thomas, can you verify this for me?) I deleted the entire config on the Receiving ISA Server. I created a new Remote Profile, along with the corresponding Username - changed the Username on the calling machine, and it came up immediately. Just to play around, I rebooted both machines, at different intervals, many times - and it seemed to come back up consistently. This leads me to believe, that as long as you keep your darn hands directly off the RRAS settings (outside of ISA 2004 doing it's own stuff to the config), you should be okay? After tweaking the RRAS Adapter on the calling machine, and setting it to "Persistent Connection" versus "Demand Dial" (with Demand Dial being the default setting), all hell broke loose once again, and then it wouldn't want to connect back up again. However, after going back into the ISA 2004 console, reestablishing the credentials, and finally rebooting, it connected just fine upon the ISA Server coming back up again. Is RRAS THAT closely coupled with ISA 2004 - that if you change ANYTHING outside of using ISA Wizards, everything goes to hell?? I recall, another user on this list, telling me recently that he learned the hard way too, to not mess with RRAS directly - but to allow ISA 2004 to perform the changes whenever you wanted to change something? Well, what if I want to make a chance on the Routing Adapter contained in RRAS, that is automatically created by ISA Server? Stuff like making it into a Persistent Connection, or some other advanced option? It seems to break the config, and you have to start all over again. Could you please verify that for me Thomas? My last question is, what if the Calling server, simply drops off, and then the connection resets? If the calling machine tries to reconnect, is the receiving machine 100% reliable in actually accepting that call once again? I am finding, that if for some reason, the receiving server loses the calling servers connection, the only thing that cleans things up, is a total reboot. I could be wrong, but this is what I seem to be finding. Thanks for your help everybody, Mike -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Thursday, November 18, 2004 8:04 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TERRIBLY frustrated with Remote Site Networks... http://www.ISAserver.org Hi Mike, What VPN protocol are you using? Thanks! Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Mike Anderson [mailto:mike@xxxxxxxxxxxx] Sent: Thursday, November 18, 2004 6:53 PM To: [ISAserver.org Discussion List] Subject: [isalist] TERRIBLY frustrated with Remote Site Networks... Importance: High http://www.ISAserver.org Hey Everyone, After I finally goy my Firewall policies working, in which I can ping both sides of the network, etc., after a reboot of the server, I can no longer get reconnected again. Under RRAS on the calling computer, the Demand Dial Interface just says that the Remote end is "unreachable". Jeeze! If it's not one thing, it's another thing, with ISA 2004 coupled with RRAS. I am serious - I really thought ISA 2004 on both ends, could be able to at least handle a permanent connection. I've never seen such a simple setup, be so riddled with problems. What really gets me, is after getting it to work, and thinking I had that project all finished, now I have this open can of worms once again - and have to drop everything I am doing, to revisit this client site. You can assume the following: Windows 2003 OS (in a domain environment) and ISA 2004 on the calling side - with a 20-node 192.168.10.x network that it services. Windows 2003 OS (standalone) and ISA 2004 on the receiving end of the connection - with a 10-node 192.168.0.x network that it services. Like Thomas suggested, only one side initiates the connection, while the other end simply accepts the connection. I created Remote Sites via the ISA 2004 console, at each site, etc. On the receiving side, I have a local user created (which is called VPN_Home) with Dial-in access granted, and it's the same name as the Remote Site inside of ISA 2004 (because they of course have to match, according to the docs). Remember, this thing WORKED for a while - and now it does not, so you can assume that I have most everything else configured correctly. What am I missing??? Here is what I get in the Event Logs: On the CALLING ISA Server, I get the following message: "A Demand Dial connection to the remote interface TechniSource on port VPN4-19 was successfully initiated but failed to complete successfully because of the following error: The modem (or other connecting device) has reported an error." On the RECEIVING ISA Server, I get the following message: "A Demand Dial connection to the remote interface VPN_Home failed to be imitated successfully. The following error occurred: The interface credentials have not been set." Please keep in mind, this thing was up for a WEEK. I didn't screw around with anything - and now after a simple reboot of one of the servers, I can no longer establish a Remote Connection. I verified, that the credentials were correct a million times - and re-entered the information in many times - and it did nothing for me. Can somebody help me? Extremely frustrated.... Mike ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mike@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx