If you’ve been trying to create a site to site VPN using 2004 ISA firewall using a pre-shared key only, I feel your pain. You’ve probably seen that it doesn’t work. The key is to not configure the pre-shared key in the Remote Site Wizard. Instead, leave the pre-shared key checkbox unchecked. Then click the VPN Clients tab in the Details pane, and click the Select Authentication Methods link on the Tasks tab in the Task Pane. On the Authentication tab in the Virtual Private Networks (VPN) dialog box, put a checkmark in the Allow customer IPSec policy for L2TP checkbox and enter the pre-shared key. Use the same procedures and the same key on all your VPN gateways. Keep in mind that remote access VPN clients and VPN gateways will be able to use this key — so if you can do anything about it, always try to use certificates instead of pre-shared keys. Remember, using pre-shared keys reduces the level of security provided by the ISA firewall to that of a lowly PIX packet filter!
HTH,
Tom
Hi tom, i have the same problem , but i cant leave the preshared key checkbox unchecked, i have only two options one y preshared and the other is certficates, so what do i have to do?
Regards
Ah in you article all work!!!
how???
Of course it works! I do it exactly how I write it in the articles and it always works.
HTH,
Tom
You cannot leave it uncheck because it is not a checkbox! You have to choose between "Certificate" or "Preshared key"…so how did you put that to work?
If you’re running a unix firewall (linux, osx), then
forwarding pptp is a breeze: check out pptp proxy
http://www.mgix.com/pptpproxy
Hi Tom,
I’m trying to set up a site-to-site VPN between two ISA 2004 servers (standard editions) and I am having a real brain freeze about which usernames to use where. I’m using PPTP as the security protocol (I know but its low level data) and I am still unable to connect. Both ISA’s report a credentials problem so somehow I seem to be configuring each connection with the wrong user credentials. Using SiteA and SiteB as examples how do I configure the ISA at siteA and siteB. I have your book so if it is in there can you tell me where as I have looked high and low.
Thanks Tom
ISATools.org has gotten a make over and it looks great. The site is much easier to navigate now.
You can wiew more information through http://www.isatools.org/
ISATools.org has gotten a make over and it looks great. The site is much easier to navigate now.
You can view more information through http://www.isatools.org/.
ISATools.org has gotten a make over and it looks great.
You can view more information through http://www.isatools.org/.
indeed ,it’s not a check box when it’s about choosing authentification methode ..
plz can you help us hwo you did to make it work ??
It doesn’t work.
You can’t leave it blank. Tom’s smoking pot!