Here's a snippit from the doc There are numerous important components to defining these site-to-site links. It is imperative to recognize that only one of the VPN peers initiates the VPN connection. The remote VPN peer simply recognizes the connection, and initiates the appropriate initialization of the local interface when the peer supplies a username (under login credentials) that matches the name of the local interface. ACTIVE VPN: Router Name: SEA_to_ORD Remote IP Address: 205.178.180.125 Dial-Out Credentials (Username): SEA_to_ORD Dial-Out Credentials (Password): <anything - preferably complex> Dial-Out Credentials (Domain): SEATTLEVPN Dial-In Credentials: <blank!> During the creation of the interface, Windows 2000 will prompt for dial-in credentials. Since this interface is the active dialer, these credentials are not needed. Instead, dial-out credentials should be specified. Once this interface is configured, select the properties of the interface. Change the type of interface to persistent, and set the redial attempts to 10000. PASSIVE VPN: Router Name: SEA_to_ORD Remote IP Address: <blank!> Dial-In Credentials (Username): SEA_to_ORD Dial-Out Credentials (Domain): <blank!> ( enter anything at this point, because you won't finish the wizard until you do. Then right click the connector and select credentials and clear them. During the creation of this passive interface, dial-in credentials must be established. This may be performed by selecting the add account so remote router can dial in option during configuration. After the interface is configured, select the properties of the interface. Change the interface to demand-dial, and set the disconnection time to never. When the ACTIVE VPN is initialized, a connection to the remote VPN is established. Upon connection, the dial-out credentials are presented to the remote machine. Upon receiving the credentials, the PASSIVE VPN recognizes that the name of the local RRAS interface matches the username of the credentials. Thus, it immediately associates the VPN interface to the connection - and routes packets appropriately. Add static routes at both ends, or use rip. Cheers Steve -----Original Message----- From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] Sent: Wednesday, February 19, 2003 11:14 AM To: Isa List Subject: [isalist] VPN router-to-router drop every ~3 minutes http://www.ISAserver.org Hi folks! I have two ISA servers that are connected this way: Internal Network--ISA---DSL router----Internet----DSL router---ISA-Internal Network Both DSL routers are set to forward all inbound traffic to the ISA Server´s public NIC. BTW, they are both Alcatel Speed Touch Pro modems. Well, here's what happens when I establish a router-to-router PPTP VPN between these two ISA's: I created the connections on RRAS, created credentials on both sides and I also created the static routes from one network to another. Everything works fine, traffic is routed, it's really fast, but.... it drops for no reason every 3 minutes or less. Here's the event that RRAS generates: The user SOFTSELL\itatiaia connected on port VPN3-126 on 02/17/2003 at 05:30pm and disconnected on 02/17/2003 at 05:31pm. The user was active for 1 minutes 36 seconds. 0 bytes were sent and 0 bytes were received. The port speed was 10000000. The reason for disconnecting was user request. Note that this happens even if I have traffic on the tunnel. Both servers have SP3 and ISA SP1 applied. I couldn't find any remote access policy that disconnects someone for any reason... everything is unset. Could it be inheriting these policies from somewhere else? I tried to use that wizard from ISA server to create VPN´s, but the public address is not bound to my public NIC, so it won´t work If I import the settings on the other edge. Any ideas? Tiago de Aviz --------------------- www.softsell.com.br tiago@xxxxxxxxxxxxxxx ------------------------ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: steve@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') This E-Mail is confidential. It is not intended to be read, copied, disclosed or used by any person other than isalist@xxxxxxxxxxxxxx Unauthorised use, disclosure, or copying is strictly prohibited and may be unlawful. Optimum Computer Solutions disclaims any liability for any action taken in connection of this E-Mail. The comments or statements expressed in this E-Mail are not necessarily those of Optimum Computer Solutions or its subsidiaries or affiliates. usermanager@xxxxxxxxxxxxxxx