Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Site to Site VPN drops briefly every day
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Site to Site VPN drops briefly every day - 24.May2007 4:17:41 AM
|
|
|
Mr_Logic
Posts: 32
Joined: 15.Jun.2004
Status: offline
|
We have an ISA server which I am trying (still, it's been a while!) to make work with site to site VPN tunnels, reliably.
Currently, the ISA has 4 interfaces, LAN, DMZ, WAN, and an Interface called VPN. This VPN interface is only used to enable me to have a separate VPN appliance. I want to scrap that appliance because it's Netgear and cannot firewall the VPN tunnels, and move its config to the ISA box.
My first network is our pre-production site, and this is configured with a 1-hour IPSec timeout, and a 2-hour IKE rekey. So I would expect it to die every two hours or so if there was a problem with this. But it doesn't, it dies once or twice a day.
I had enabled RIP on Routing and Remote Access, and, thinking it might be an issue, partially removed it. Now it only talks on the VPN network, allowing me to add VPNs more easily. It can be removed if it will cause issues.
The other end of the tunnel is a Cisco ASA 5510, running ASA 7.2. This is a very odd issue, and what I want to do initially is to get some debugging info off of the ISA box. Where can I find this information?
And secondly does anyone have any other ideas? The server is running Windows Server 2003 SP2, so it's not the old Sp1 IPsec issue.
Many thanks! :-)
|
|
|
|
|
RE: Site to Site VPN drops briefly every day - 24.May2007 2:26:53 PM
|
|
|
uzimmermann
Posts: 39
Joined: 15.May2007
Status: offline
|
Hi Mr_Logic
One Solution to detailed logging of a IPsec VPn is the Oakley Logging functionallity
Try this: http://support.microsoft.com/kb/257225
(its also working for Server 2003)
after the modification you should restart the box or the Firewall (RRAS restarts to)Services.
its a detailed Logging of the IKE Handshakes.
Attention its logging continously you should kill the registry Flag and restars the services for end of Logging ;)
Regards
uzimmermann
|
|
|
|
|
RE: Site to Site VPN drops briefly every day - 24.May2007 5:56:21 PM
|
|
|
Mr_Logic
Posts: 32
Joined: 15.Jun.2004
Status: offline
|
UZ, many thanks for that info, I will give it a try.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
