Welcome to ISAserver.org


2k6 IPSEC site to site VPN not working

2k6 IPSEC site to site VPN not working - 12.Jul.2006 8:57:38 PM   
jwf1776

 

Posts: 7
Joined: 9.Feb.2004
Status: offline
I’m trying to test out an IPSEC site to site VPN between 2 "ISA 2006 RC" servers.
 
My tests keep failing and I am trying to determine whether I need to change my configuration or my tests.
 
ISA1:
Int interface: 192.168.16.6/24
Int interface GW:
Int interface DNS: 192.168.16.1
Ext interface: xxx.xxx.xxx.43/29
Ext interface GW: xxx.xxx.xxx.41
Ext interface DNS:

The servers' external interfaces are connected with a crossover cable.

ISA2:
Ext interface: yyy.yyy.yyy.122/30
Ext interface GW: yyy.yyy.yyy.121
Ext interface DNS:
Int interface: 192.168.10.1/24
Int interface GW:
Int interface DNS:
 
I configured a site-to-site IPSEC VPN on ISA1 (using the wizard):
Local Tunnel Endpoint: xxx.xxx.xxx.43
Remote Tunnel Endpoint: yyy.yyy.yyy.122
Remote Network 'testvpn' IP Subnets:
    Subnet: yyy.yyy.yyy.122/255.255.255.255
    Subnet: 192.168.10.0/255.255.255.0
 
And I configured a site-to-site IPSEC VPN on ISA2 (using the wizard):
Local Tunnel Endpoint: yyy.yyy.yyy.122
Remote Tunnel Endpoint: xxx.xxx.xxx.43
Remote Network 'testvpn' IP Subnets:
    Subnet: xxx.xxx.xxx.43/255.255.255.255
    Subnet: 192.168.16.0/255.255.255.0
 
(both VPNs have same IKE policy)
 
Each ISA server has a network rule to route “testvpn” to “internal”.
Each ISA server has a firewall policy to permit “all outbound traffic” from “testvpn” and “internal” to “testvpn” and “internal”.

When I try to ping 192.168.16.1 from ISA2, I get “negotiating IP security”.
Or if I try to access http://192.168.16.1/ from ISA2, I get an “isa server denied specified url”.
 
I assume from my tests failing that the IPSEC tunnel isn't working.  What am I doing wrong?
 
 
 
 
 
 
 
Post #: 1
RE: 2k6 IPSEC site to site VPN not working - 13.Jul.2006 3:03:38 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jwf,

1. Don't test from the firewall itself, test from hosts behind each ISA firewall

2. If both sides are using ISA firewall, then always use L2TP/IPSec. You get more security and double your throughput.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to jwf1776)
Post #: 2
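
An offline consistency check of the two site-to-site definitions listed in post #1, added here as an example and not part of either post: it confirms that each side's remote endpoint and remote subnets mirror the other side. The dictionary layout and function names are hypothetical, and the public addresses are constructed stand-ins for the redacted ones.

```python
import ipaddress

# Constructed stand-ins for the redacted public addresses in the post:
# xxx.xxx.xxx.43 -> 198.51.100.43, yyy.yyy.yyy.122 -> 203.0.113.122.
# The dictionary keys are a hypothetical layout, not an ISA Server export format.
ISA1 = {
    "internal": "192.168.16.0/24",
    "local_endpoint": "198.51.100.43",
    "remote_endpoint": "203.0.113.122",
    "remote_subnets": ["203.0.113.122/32", "192.168.10.0/24"],
}
ISA2 = {
    "internal": "192.168.10.0/24",
    "local_endpoint": "203.0.113.122",
    "remote_endpoint": "198.51.100.43",
    "remote_subnets": ["198.51.100.43/32", "192.168.16.0/24"],
}


def check_side(name, local, peer):
    """Return a list of mismatches in `local`'s definition of `peer`."""
    problems = []
    remote = [ipaddress.ip_network(s) for s in local["remote_subnets"]]
    peer_internal = ipaddress.ip_network(peer["internal"])
    own_internal = ipaddress.ip_network(local["internal"])
    # The tunnel only forms if each side points at the other's local endpoint.
    if local["remote_endpoint"] != peer["local_endpoint"]:
        problems.append(f"{name}: remote endpoint is not the peer's local endpoint")
    # Traffic for the peer's internal network must be part of the remote network.
    if not any(peer_internal.subnet_of(n) for n in remote):
        problems.append(f"{name}: remote network does not cover {peer_internal}")
    # A remote subnet that overlaps the local internal network is never routed out.
    for n in remote:
        if n.overlaps(own_internal):
            problems.append(f"{name}: remote subnet {n} overlaps local {own_internal}")
    return problems


def check_pair(a, b):
    """Check both directions; an empty list means the definitions mirror."""
    return check_side("ISA1", a, b) + check_side("ISA2", b, a)


if __name__ == "__main__":
    for line in check_pair(ISA1, ISA2) or ["definitions mirror each other"]:
        print(line)
```

A clean result only shows that the two definitions agree with each other; it says nothing about IKE negotiation, routing between the external interfaces, or firewall policy.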
