RE: VPN Progress - One Question

  • From: Glenn Maks <gmaks@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 6 Mar 2003 08:29:33 -0500

Good Morning Tom,

My external interface has only 1 IP address assignment. I will verify the
fragment filtering, and yes, the cert is a machine certificate. I started
playing with L2TP implementation a week ago when I started the evaluation of
ISA and RRAS. In the process I have found more useful published Microsoft
documents that address these specific issues; I found them by doing a Google
search on the event error I was receiving, "Error 20111". After reading even
more publications I decided to start over again, and I am happy to say I
think I am finally gaining some ground on this project regarding L2TP
implementation. I discovered that I had to define an IPSec policy and enable
it for both ISA servers and, in addition, create the right kind of
certificate. I installed the Certification service on the ROOT ISA server,
the ISA server that runs the Local Wizard to create the vpc file. Then I
requested the right kind of certificate and defined and enabled an IPSec
policy. I am getting closer and today should be the day for success, "I
hope". Tom, thank you for your valued input and your patience with all my
VPN questions.
 
Glenn
 
 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, March 05, 2003 8:17 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN Progress - One Question


http://www.ISAserver.org


Hi Glenn,
 
How many IP addresses are bound to the external interface?
 
Is fragment filtering disabled?
 
Have you confirmed that the machine has a machine certificate? If so, how did
you carry out the confirmation procedure?
 
Thanks!
Tom

Thomas W Shinder 
http://www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

-----Original Message-----
From: Glenn Maks [mailto:gmaks@xxxxxxxxx] 
Sent: Wednesday, March 05, 2003 7:38 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] VPN Progress - One Question
Importance: High


In the process of evaluating ISA I built 2 test servers to look at the VPN
support ISA offers with RRAS as the underlying service. I successfully
created a PPTP tunnel between them, which allowed me to request and install a
Certificate on both ISA servers from an internal private Cert server; this
all went well. I then defined an L2TP tunnel using the Local and Remote
wizards and the definition file it created, and verified the setting in RRAS,
and it all looks good. Watching the RRAS service I can see a connection
attempt, but I get this error from the Remote ISA server.
 
Error Message:
An Error occurred during the connection of the Interface.
The L2TP connection attempt failed because security negotiation timed out.
 
I searched everywhere but found nothing that would help me understand this
error. Apologies for posting what seems to be one VPN question after
another, but I have received valuable assistance from helpful individuals in
this discussion forum and I do appreciate all the positive input.
 
Thank you very much
Glenn
 
 
 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 
