Problem with ISA 2004 SP2 and Dlink HI-804HV in Site to Site VPN



ISA Experts,

My configuration:

192.168.2.0 (Corporate Office) <-> ISA 2004 <-> Internet <-> Actiontec DSL
Router (Transparent Bridging) <-> DLink HI-804HV <-> 192.168.1.0 (Branch
Office)

The Dlink has the latest firmware (v1.44) and I have established a
connection per the instructions in the following article
http://www.isaserver.org/articles/2004isadlink.html

However, the connection drops repeatedly and is basically unacceptable.

These are the errors I am receiving in the event log at the ISA Server:

On the ISA server the events in the security log are:
12:04:23 547 Failure Quick Mode
12:04:23 543 Main Mode Ended
12:04:23 541 Main Mode Established
12:04:52 542 Quick Mode Ended
12:05:00 541 Quick Mode Established
12:05:26 547 Failure Quick Mode
12:05:26 543 Main Mode Ended
12:05:26 541 Main Mode Established
12:06:29 547 Failure Quick Mode
12:08:23 547 Failure Quick Mode
12:08:23 543 Main Mode Ended
12:08:23 541 Main Mode Established
12:09:26 547 Failure Quick Mode

And on and on... renegotiating the SA every couple of minutes rather than hours.
The actual error is:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 547
Date: 9/7/2006
Time: 12:04:23 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer: XXXX
Description:
IKE security association negotiation failed.
Mode:
Data Protection Mode (Quick Mode)

Filter:
Source IP Address xxx.xxx.xxx.40
Source IP Address Mask 255.255.255.255
Destination IP Address 192.168.17.0
Destination IP Address Mask 255.255.255.0
Protocol 0
Source Port 0
Destination Port 0
IKE Local Addr xxx.xxx.xxx.40
IKE Peer Addr xx.x.xx.130
IKE Source Port 500
IKE Destination Port 500
Peer Private Addr

Peer Identity:
Preshared key ID.
Peer IP Address: xx.x.xx.130

Failure Point:
Me

Failure Reason:
IKE SA deleted before establishment completed

Extra Status:
Processed third (ID) payload
Initiator. Delta Time 63
0x0 0x0

I would like to know if there are tweaks I can make or if this device is not
sufficient to support a solid site-to-site VPN deployment? I have tried
switching from SHA to MD5 and had the same problem. The connection stays in
the Establishing state for several minutes then connects for a few minutes
then drops and repeats the same process. I have modified the SAIdleTime to
3600 and have installed hotfix 281966 but still have the same errors.

Thanks in advance for the help!
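
Added example, not part of the original post: a short Python script that parses the Security log summary lines quoted above and measures the spacing between 547 failures and between Main Mode establishments, so the flapping can be quantified and compared with the "Delta Time" value in the event detail. The function names are hypothetical, and the script assumes the excerpt does not cross midnight.

```python
import re
from datetime import datetime

# Summary lines copied from the Security log excerpt in the post above.
SAMPLE_LOG = """\
12:04:23 547 Failure Quick Mode
12:04:23 543 Main Mode Ended
12:04:23 541 Main Mode Established
12:04:52 542 Quick Mode Ended
12:05:00 541 Quick Mode Established
12:05:26 547 Failure Quick Mode
12:05:26 543 Main Mode Ended
12:05:26 541 Main Mode Established
12:06:29 547 Failure Quick Mode
12:08:23 547 Failure Quick Mode
12:08:23 543 Main Mode Ended
12:08:23 541 Main Mode Established
12:09:26 547 Failure Quick Mode
"""
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+(\d{3})\s+(.+)$")

def parse_events(text):
    """Return (time, event_id, label) for every well-formed summary line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip blanks and anything that is not 'HH:MM:SS ID label'
            t = datetime.strptime(m.group(1), "%H:%M:%S")
            events.append((t, int(m.group(2)), m.group(3).strip()))
    return events

def gaps(times):
    """Seconds between consecutive timestamps (assumes no midnight rollover)."""
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]

def failure_gaps(events):
    """Spacing of event 547 (IKE negotiation failed)."""
    return gaps([t for t, eid, _ in events if eid == 547])

def main_mode_gaps(events):
    """Spacing of 541 events labelled as Main Mode establishment."""
    return gaps([t for t, eid, lab in events if eid == 541 and lab.startswith("Main Mode")])

if __name__ == "__main__":
    ev = parse_events(SAMPLE_LOG)
    print("547 failure gaps (s):     ", failure_gaps(ev))
    print("Main Mode re-key gaps (s):", main_mode_gaps(ev))
```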