Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

You cannot remotely manage ISA Server 2004 in a network environment where IPSec is enforced


View products that this article applies to.

Symptoms

If you install Microsoft Internet Security and Acceleration (ISA) Server 2004 in a network environment where IPSec is enforced, ISA Server can be remotely managed for a short time. However, after the existing IPSec session expires, the ISA Server-based computer is not available for remote access.

↑ Back to the top


Cause

This issue occurs because ISA Server 2004 does not permit Internet Key Exchange (IKE) traffic. Therefore, the IPSec session cannot be renewed.

↑ Back to the top


Workaround

To work around this issue and make it possible to use remote management of ISA Server in an IPSec environment, create a rule that makes it possible to use IKE protocol traffic to the Local Host network. To use a predefined protocol definition for IKE, start ISA Server Management, and then click Protocols on the Toolbox menu. The IKE Client protocol definition defines a primary connection for UDP port 500 (SendReceive).

↑ Back to the top


More information

For additional information about administration and management of ISA Server 2004, visit the following Microsoft "ISA Server 2004 Administering FAQ" Web site:

↑ Back to the top


Keywords: KB891260, kbinfo, kbtshoot, kbipsec

↑ Back to the top

Article Info
Article ID : 891260
Revision : 3
Created on : 2/9/2005
Published on : 2/9/2005
Exists online : False
Views : 348