Re: Site to Site "Negotiating IP Security"



OK, right after I posted that, I tried pinging the remote server (SBS2003)
from my workstation (WinXPPro) behind my local ISA server (Win2003) and I
can ping and browse to the remote server by IP no problem. However, I cannot
ping it by DNS. I set up the IP of the remote server as a DNS forwarder on my
local server but I'm guessing that because the servers aren't seeing each
other, DNS won't forward properly?

How do I get these servers talking?

Thanks!

--
D a v i d L o z z i
Data & Web Technology Specialist
Delphi Technology Solutions, Inc.
Wilmington, MA
dlozzi@(remove this)delphi-ts.com - www.delphi-ts.com
"David Lozzi" <dlozzi@xxxxxxxxxxxxx> wrote in message
news:OfQr%23HseGHA.4912@xxxxxxxxxxxxxxxxxxxxxxx
Howdy,

Here's my scenario:

sbs2003pre w/ isa 2004 -- dlink router -- internet -- dlink router --
win2003 w/ isa 2004

Both servers are in the DMZ of each router. The dlinks are there because
these ISA networks are secondary networks. I followed the following link
to set up the VPN between the two servers:

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/sitetositevpn.mspx

In addition, I added two firewall policies to each ISA box: From remote
network to internal and local and from internal and local to remote
network, all protocols. The remote sites are set up as follows:

Address range: internal of each. Both different IPs (10.0.25.0 and
192.168.7.0)
Each has the external IP address of the other server specified. The ISP's
IP.
Local VPN Gateway IP Address specifies the external IP of ISA
(192.168.1.20 and 10.7.7.150 respectively)
IPSEC Settings (from top to bottom)
  Phase I tab
    3DES
    MD5
    Group 2
    28800
  Phase II Tab
    3DES
    MD5
    Generate key every 3600 seconds
    Use PFS is checked
    Group 2
  Authentication is pre-shared key, both the same key

So when I ping the remote server by IP I get "Negotiating IP Security"
four times. If I ping again immediately I continue to get this response.
Same from both servers.

HELP!

Thanks!!!!

--
D a v i d L o z z i
Data & Web Technology Specialist
Delphi Technology Solutions, Inc.
Wilmington, MA
dlozzi@(remove this)delphi-ts.com - www.delphi-ts.com


