• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Problem with site-to-site VPN

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> VPN >> Problem with site-to-site VPN Page: [1]
Login
Message << Older Topic   Newer Topic >>
Problem with site-to-site VPN - 22.Dec.2006 10:27:50 AM   
floris

 

Posts: 8
Joined: 12.Jul.2006
Status: offline
Hi, we are trying to setup a site-to-site VPN using ISA 2006 SE. We used the documentation available on this website to configure the "main" office and the "branch" office. Our VPN clients can dial into the network without a problem (using certificates etc.) however we are not able to connect the two sites. When I try to initialise a connection from the remote site I get an error in the eventlog:


A Demand Dial connection to the remote interface XXX on port VPN4-100 was successfully initiated but failed to complete successfully because of the following error: It was not possible to verify the identity of the server.

The way I interpret this error is that the connection can be physically established, however somewhere the authentication fails. We are using certificates for the branch->main connection and certificates+pre-shared key for the main->branch connection. We cannot use pre-shared keys for the branch->main connection as our VPN clients would then not be able to connect using their certificates (right?)
 
I cannot find any suitable documentation that can help me out with this error - hoping someone here can help me troubleshoot this... Please let me know what other information you need!
 
Many thanks!
Floris
Post #: 1
RE: Problem with site-to-site VPN - 30.Dec.2006 10:21:36 AM   
aumayrwe

 

Posts: 3
Joined: 29.Dec.2006
Status: offline
Questions:
VPN-Clients will connect to MAIN-Office or Branch
VPN clients will use which client (MS-PPTP,LL2P,...?)

I have successfully set up the following scenario
MAIN-Branch with preshared secret IPSec (both directions)
Clients - pptp to MAIN Network

(in reply to floris)
Post #: 2
RE: Problem with site-to-site VPN - 2.Jan.2007 4:09:52 PM   
floris

 

Posts: 8
Joined: 12.Jul.2006
Status: offline
VPN clients currently connect from their laptops to the Main Office using L2TP and certificates.
The aim is to setup the Branch Office to connect to the Main Office, ultimatley also using certs. but I would be happy to get it going with pre-shared keys for now.
So the way I see it, the branch office is "just" another VPN client with a permanent connection using another authentication method for the start and then certificates later on.

thanks.

(in reply to aumayrwe)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> VPN >> Problem with site-to-site VPN Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts