Tunnel IPsec Isa2004 to ISA2006 Site to Site.
Hello,
We have two sites: one with ISA2004 and the other with ISA2006 (as our only firewall).
There is a remote site VPN in both sites and all of the parameters match.
All we need is for both sites to be able to ping each other.
The ISA2006 can ping the ISA2004, but when we try to ping from ISA2004 to ISA2006 we get "negotiating ip security".
In the ISA2004 event in the application section we get an error message: "The Firewall service cannot create the IPsec configuration"
Any ideas?
thanks.
Answers
I got it working for me. I believe this was the solution for this issue for me. I had a lot of issues.
If it is, then here is what I did that fixed it.
Open ISA Server Management
Expand your server name
Click Virtual Private Networks (VPN)
Click the Remote Sites tab.
Highlight your remote site and click Edit, or right-click and choose Properties
Click the Addresses tab
Make sure that the remote LAN address range is listed (these are the computers behind your SonicWall)
AND MAKE SURE YOUR EXTERNAL ADDRESS (from ISP) of the remote network is listed.
So, from the computers behind your SonicWall, go to a whatsmyip.net site and put whatever address it shows in that address tab.
We had to get a static IP address at the remote site (SonicWall site) so that the VPN would stay up; either that, or every time the address changed we would have to add it to the address list in the ISA remote site VPN config.
- Marked As Answer by Keith Alabaster (MVP, Moderator), Sunday, October 11, 2009 11:14 AM
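The check the marked answer describes, as an added example that is not part of the original thread or any Microsoft tooling: given the ranges typed into the remote site's Addresses tab, it reports whether the remote LAN and the remote gateway's external address are both covered. The function names, the 192.168.10.0/24 LAN and the 203.0.113.25 address are constructed sample values.

```python
import ipaddress

def _merge(ranges):
    """Merge (start, end) address ranges into sorted, non-overlapping integer spans."""
    spans = sorted(
        (int(ipaddress.IPv4Address(a)), int(ipaddress.IPv4Address(b))) for a, b in ranges
    )
    merged = []
    for lo, hi in spans:
        if lo > hi:
            raise ValueError("range start is above range end")
        # Adjacent or overlapping ranges behave as one range for coverage purposes.
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return merged

def _covered(merged, lo, hi):
    return any(m_lo <= lo and hi <= m_hi for m_lo, m_hi in merged)

def check_remote_site(ranges, remote_lan, remote_public_ip):
    """Return a list of problems; an empty list means both entries are present."""
    merged = _merge(ranges)
    problems = []
    net = ipaddress.IPv4Network(remote_lan)
    if not _covered(merged, int(net.network_address), int(net.broadcast_address)):
        problems.append(f"remote LAN {net} is not fully listed")
    ip = int(ipaddress.IPv4Address(remote_public_ip))
    if not _covered(merged, ip, ip):
        problems.append(f"remote external address {remote_public_ip} is not listed")
    return problems

# Constructed sample: the Addresses tab lists the remote LAN in two halves,
# but not the external (ISP-assigned) address of the remote gateway.
SAMPLE_RANGES = [("192.168.10.0", "192.168.10.127"), ("192.168.10.128", "192.168.10.255")]
REMOTE_LAN = "192.168.10.0/24"
REMOTE_PUBLIC_IP = "203.0.113.25"

if __name__ == "__main__":
    for problem in check_remote_site(SAMPLE_RANGES, REMOTE_LAN, REMOTE_PUBLIC_IP):
        print(problem)
```

With a dynamic address at the remote site, rerunning the check against the currently observed external address shows when the listed entry has gone stale.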
All Replies
I have the same error, but with SonicWall to ISA 2006. The VPN connects, then drops off later, and I see traffic like NetBIOS and DNS coming from client computers on the remote site (SonicWall). When I ping from the ISA server to the SonicWall LAN IP it says negotiating security; when I ping from my LAN it just times out. I am using an IPsec preshared key for the VPN. Like I said, it does establish and I can access the remote network, ping and everything else, but then it drops off.
Event ID 21165 source Microsoft Firewall
The Firewall service cannot create the IPsec configuration for the VPN network.
- Same issue here.
The Firewall service cannot create the IPSec configuration for the VPN network.
The failure is due to error: 0x80070001
I'm connected to the network and I can ping it and it can ping me, but the connection continues to drop and reset itself.
Suggestions?
- We experienced this as well with an ISA2004 to Sonicwall on dynamic IP VPN. The ISA could not handle the change in public IP without being rebooted each time the tunnel endpoint was modified.
- Do you have any settings to define who may initiate the connection?