Welcome to ISAserver.org

Site to Site VPN config issues

Site to Site VPN config issues - 12.Nov.2006 12:17:47 AM   
sls

 

Posts: 5
Joined: 12.Nov.2006
Status: offline
Currently trying to configure up a site-to-site VPN between a 'main' and 'branch' office. L2TP with pre-shared key initially, with a plan to move to certs once we've done some initial tests.

Both ISA servers are domain joined, at the 'main' site the ISA server also serves VPN to remote users.

When attempting to connect, the following appears in my event log:

Event Type: Warning
Event Source: RemoteAccess
Event Category: None
Event ID: 20189
Date: 12/11/2006
Time: 05:09:21
User: N/A
Computer: XXX
Description:
The user XXX\user connected from [IP GOES HERE] but failed an authentication attempt due to the following reason: Authentication was not successful because an unknown user name or incorrect password was used.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Any ideas what might cause this? The account is valid and verified but for some reason the above still appears.
Post #: 1
RE: Site to Site VPN config issues - 20.Nov.2006 11:39:04 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi SLS,

Do the users have dial-in permissions enabled in their accounts?

Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to sls)
Post #: 2
RE: Site to Site VPN config issues - 20.Nov.2006 12:30:10 PM   
sls

 

Posts: 5
Joined: 12.Nov.2006
Status: offline
Hi Tom,

I've got this working now, haven't had time to come back and post how it was fixed though...

The firewalls are domain-joined, although I was specifying the machine name and the logins were local, when I swapped to accounts in our AD and specified the domain name instead it began to work.

Any ideas why this might be? Do domain joined firewalls need domain accounts for this kind of connection?

Regards,
Steve

(in reply to tshinder)
Post #: 3
RE: Site to Site VPN config issues - 26.Nov.2006 10:49:50 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Steve,

The dial-in accounts for the site to site VPN connection can be either domain or local accounts when the ISA Firewalls are domain members. However, I always use local accounts. Just make sure the local accounts have the correct names (based on the names of the demand dial interfaces) and that they have dial-in permissions.

Tom


(in reply to sls)
Post #: 4
RE: Site to Site VPN config issues - 26.Nov.2006 10:55:39 AM   
sls

 

Posts: 5
Joined: 12.Nov.2006
Status: offline
Hi Tom,

We tried that, in fact all I did was create domain accounts for the same usernames and switched from machine name to domain name under the credentials. Rights were set correctly for both sets of accounts, besides the bad username/pass error wouldn't refer to this...

(in reply to tshinder)
Post #: 5
