• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

site to site vpn isa 2004

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> VPN >> site to site vpn isa 2004 Page: [1]
Login
Message << Older Topic   Newer Topic >>
site to site vpn isa 2004 - 8.Jan.2008 11:47:50 PM   
pakiboy

 

Posts: 2
Joined: 8.Jan.2008
Status: offline
dear friends,

i have configured site to site vpn using isa server 2004, using isa only IPSec tunnel protocol with preshared key to keep life simple... the problem is that i am unable to ping compuers at branch office from headoffice vice versa, only i can ping the external ip address that is bind at branch office isa server from headoffice isa server. (i have made network relationship route rule and firewall ploicy rule from internal to branch, branch to internal both sides will all outbound traffic)

when i try to ping computers at branch office from my workstation at headoffice i get request timed out and some time negotiating ip security.

i am searching for help from last two days but to no avail, if any body can help me in this regard, i shall be very thank full... (what else....)
Post #: 1
RE: site to site vpn isa 2004 - 10.Jan.2008 2:36:42 PM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
If you're getting "Negotiating IP Security" messages, that implies you're PINGing from the ISA Server itself.

See my article on this if you haven't already.

Troubleshooting IPSec Tunnel Mode Scenarioshttp://www.isaserver.org/tutorials/Troubleshooting-IPSec-Tunnel-Mode-Scenarios.html

(in reply to pakiboy)
Post #: 2
RE: site to site vpn isa 2004 - 21.Jan.2008 7:26:07 AM   
pakiboy

 

Posts: 2
Joined: 8.Jan.2008
Status: offline
thnaks for reply. there was wrong ip address entered at remote site.. after rectifying the conflict i can get ping reply from and to isa servers but at client side it continously gives destination host unreachable after one or two "negotiating ip sec" messages.

cant understand whats going on... can suggest something for this ?

NB: even i tried using l2tp but same result

(in reply to ClintD)
Post #: 3
RE: site to site vpn isa 2004 - 21.Jan.2008 11:00:01 AM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
The client should only show "Negotiating IP Security" if it has an IPSec policy directly assigned to it which is not necessary for a site to site connection - can you confirm this?

If it's enabled, turn it off to simplify the troubleshooting (the easiest way to do this is at that client command prompt, run 'net stop policyagent').

(in reply to pakiboy)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> VPN >> site to site vpn isa 2004 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts