You cannot remotely manage ISA Server 2004 in a network environment where IPSec is enforced

If you install Microsoft Internet Security and Acceleration (ISA) Server 2004 in a network environment where IPSec is enforced, ISA Server can be remotely managed for a short time. However, after the existing IPSec session expires, the ISA Server-based computer is not available for remote access.

This issue occurs because ISA Server 2004 does not permit Internet Key Exchange (IKE) traffic. Therefore, the IPSec session cannot be renewed.

To work around this issue and make it possible to use remote management of ISA Server in an IPSec environment, create a rule that makes it possible to use IKE protocol traffic to the Local Host network. To use a predefined protocol definition for IKE, start ISA Server Management, and then click Protocols on the Toolbox menu. The IKE Client protocol definition defines a primary connection for UDP port 500 (SendReceive).

For additional information about administration and management of ISA Server 2004, visit the following Microsoft "ISA Server 2004 Administering FAQ" Web site: