Good Morning Tom, My external interface has only 1 IP address assignment, I will verify the fragment filtering and yes, the cert is a machine certificate. I started playing with L2TP implementation a week ago when I started the evaluation of ISA and RRAS, in the process I have found more useful published Microsoft documents that address these specific issues, I found them by doing a Google search on the event error I was receiving, "Error 20111" after reading even more publications I decided to start over again and I am happy to say, I think I am finally gaining some ground on this project regarding L2TP implementation. I discovered that I had to define a IPSec policy and enable it for both ISA servers, in addition, create the right kind of certificate. I installed the Certification service on the ROOT ISA server, the ISA server that runs the Local Wizard to create the vpc file. Then requesting the right kind of certificate and defining and enabling a IPSec policy. I am getting closer and today should be the day for success, "I hope" Tom, thank you for your valued input and your patience with all my VPN questions. Glenn -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, March 05, 2003 8:17 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN Progress - One Question http://www.ISAserver.org Hi Glenn, How many IP addresses are bound to the external interface? Is fragment filtering disabled? Have you confimed that the machine has a machine certificate? If so, how did you carry out the confirmation procedure? Thanks! Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA Server and Beyond: http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1> Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> -----Original Message----- From: Glenn Maks [mailto:gmaks@xxxxxxxxx] Sent: Wednesday, March 05, 2003 7:38 AM To: [ISAserver.org Discussion List] Subject: [isalist] VPN Progress - One Question Importance: High http://www.ISAserver.org In the process of evaluating ISA I built 2 test servers to look at the VPN support ISA offers with RRAS as the underlying service. I successfully created a PPTP tunnel between them which allowed me to request and install a Certificate on both ISA servers from a internal private Cert server, this all went well. I then defined a L2TP tunnel using the Local and Remote wizards and definition file it created, verified the setting in RRAS and it all looks good, watching the RRAS service I can see a connection attempt but I get this error from the Remote ISA server. Error Message: An Error occurred during the connection of the Interface. The L2TP connection attempt failed because security negotiation timed out. I searched every where but found nothing that would help understand this error. Apologies for posting what seems to be one VPN question after another, but I have received valuable assistance from helpful individuals in this discussion forum and I do appreciate all the positive input. Thank you very much Glenn ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmaks@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')