"The protocol specified cannot be used for publishing" error is logged when you try to publish an internal IPsec server by using the IPsec ESP Server protocol in Internet Security and Acceleration Server 2004

When you try to create an ISA Server rule to publish an internal Internet Protocol security (IPsec) server by using the IPsec Encapsulating Security Protocol (ESP) Server protocol in Microsoft Internet Security and Acceleration (ISA) Server 2004, the following error message is logged in the Application log:

Server publishing rule [ServerPublishingRuleName] failed. The protocol specified cannot be used for publishing. Location 325.725.4.0.2161.50.

This problem occurs because the IPsec ESP Server protocol cannot be used for publishing. The IPsec ESP Server protocol is an incoming protocol used in virtual private network (VPN) site-to-site system policy rules to enable IPsec ESP traffic to ISA Server.

Note The protocol description of the IPsec ESP Server protocol in the ISA Server New Server Publishing Rule wizard is incorrect.

To work around this problem, use the IPsec network address translation traversal (NAT-T) Server protocol to publish an IPsec server.

Note The IPsec server that you want to publish must have the NAT-T update installed. For additional information about the L2TP/IPsec NAT-T update for Windows XP and Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base: Note If the IPsec server that you want to publish is a Layer Two Tunneling Protocol (L2TP) server, then the IPsec server must be running Windows Server 2003 because the Windows 2000 Routing and Remote Access service does not support NAT-T remote access connections.

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.