MSMVPS.COM
The Ultimate Destination for Blogs by Current and Former Microsoft Most Valuable Professionals.
Dr. Tom's ISA Server 2004 Firewall Blog » ISA Firewall Site to Site VPN Quick Fix

ISA Firewall Site to Site VPN Quick Fix

If you've been trying to create a site to site VPN using 2004 ISA firewall using a pre-shared key only, I feel your pain. You've probably seen that it doesn't work. The key is to not configure the pre-shared key in the Remote Site Wizard. Instead, leave the pre-shared key checkbox unchecked. Then click the VPN Clients tab in the Details pane, and click the Select Authentication Methods link on the Tasks tab in the Task Pane. On the Authentication tab in the Virtual Private Networks (VPN) dialog box, put a checkmark in the Allow customer IPSec policy for L2TP checkbox and enter the pre-shared key. Use the same procedures and the same key on all your VPN gateways. Keep in mind that remote access VPN clients and VPN gateways will be able to use this key -- so if you can do anything about it, always try to use certificates instead of pre-shared keys. Remember, using pre-shared keys reduces the level of security provided by the ISA firewall to that of a lowly PIX packet filter!

HTH,
Tom

Posted Oct 07 2004, 09:57 AM by shinder

Comments

shinder wrote re: ISA Firewall Site to Site VPN Quick Fix
on 10-15-2004 17:04
Hi tom, i have the same problem , but i cant leave the preshared key checkbox unchecked, i have only two options one y preshared and the other is certficates, so what do i have to do?

Regards
shinder wrote re: ISA Firewall Site to Site VPN Quick Fix
on 11-02-2004 13:16
Ah in you article all work!!!
how???
shinder wrote re: ISA Firewall Site to Site VPN Quick Fix
on 11-02-2004 13:17
Of course it works! I do it exactly how I write it in the articles and it always works.

HTH,
Tom
shinder wrote re: ISA Firewall Site to Site VPN Quick Fix
on 11-15-2004 4:06
You cannot leave it uncheck because it is not a checkbox! You have to choose between "Certificate" or "Preshared key"...so how did you put that to work?
TrackBack wrote re:ISA Firewall Site to Site VPN Quick Fix
on 04-12-2005 23:32
^_^,Pretty Good!
TrackBack wrote re:ISA Firewall Site to Site VPN Quick Fix
on 04-16-2005 3:27
^_^,Pretty Good!
TrackBack wrote re:ISA Firewall Site to Site VPN Quick Fix
on 05-19-2005 19:38
^_~,pretty good!csharpsseeoo
shinder wrote re: ISA Firewall Site to Site VPN Quick Fix
on 07-09-2005 22:57

If you're running a unix firewall (linux, osx), then
forwarding pptp is a breeze: check out pptp proxy
http://www.mgix.com/pptpproxy
TrackBack wrote re:ISA Firewall Site to Site VPN Quick Fix
on 07-22-2005 10:12
ISA Firewall Site to Site VPN Quick Fixooeess
TrackBack wrote re:ISA Firewall Site to Site VPN Quick Fix
on 08-03-2005 20:32
ISA Firewall Site to Site VPN Quick Fixooeess

Add a Comment

(required)  
(optional)
(required)  
Remember Me?


Copyright © is the original authors. Blog site is an independent site not sponsored by Microsoft. The Yoda blog server and the Brianna SQL server would like to thank www.ownwebnow.com and www.exchangedefender.com. They wouldn't be here and broadcasting without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems