ISA Firewall Site to Site VPN Quick Fix

If you’ve been trying to create a site to site VPN with the ISA 2004 firewall using only a pre-shared key, I feel your pain. You’ve probably seen that it doesn’t work.

The key is to not configure the pre-shared key in the Remote Site Wizard. Instead, leave the pre-shared key checkbox unchecked. Then click the VPN Clients tab in the Details pane, and click the Select Authentication Methods link on the Tasks tab in the Task Pane. On the Authentication tab in the Virtual Private Networks (VPN) dialog box, put a checkmark in the Allow custom IPSec policy for L2TP checkbox and enter the pre-shared key. Use the same procedure and the same key on all your VPN gateways.

Keep in mind that both remote access VPN clients and VPN gateways will be able to use this key, so if you can do anything about it, always try to use certificates instead of pre-shared keys. Remember, using pre-shared keys reduces the level of security provided by the ISA firewall to that of a lowly PIX packet filter!


HTH,
Tom

11 thoughts on “ISA Firewall Site to Site VPN Quick Fix”

  1. Hi Tom, I have the same problem, but I can’t leave the preshared key checkbox unchecked. I have only two options: one is preshared and the other is certificates, so what do I have to do?

    Regards

  2. You cannot leave it unchecked because it is not a checkbox! You have to choose between "Certificate" or "Preshared key"… so how did you put that to work?

  3. Hi Tom,

    I’m trying to set up a site-to-site VPN between two ISA 2004 servers (standard editions) and I am having a real brain freeze about which usernames to use where. I’m using PPTP as the security protocol (I know, but it’s low level data) and I am still unable to connect. Both ISAs report a credentials problem, so somehow I seem to be configuring each connection with the wrong user credentials. Using SiteA and SiteB as examples, how do I configure the ISA at SiteA and SiteB? I have your book, so if it is in there can you tell me where, as I have looked high and low.

    Thanks Tom

  4. Indeed, it’s not a check box when it’s about choosing the authentication method.
    Please, can you help us with how you made it work?
