Connecting a Sonic Wall TZ190 to an ISA 2004 server
3/17/2008

I followed the ISA 2004 point to point documentation listed here. We had issues, so I called Microsoft and Sonic Wall to resolve them. The Microsoft tech was very helpful and was even willing to work on the Sonic Wall to get the issue resolved. I believe Microsoft PSS goes the extra mile every time. He verified the ISA server was configured correctly.

To test the IPSec Point to Point connection between the two networks, the Microsoft tech used IPSec Monitor. I never thought of using this utility before for an ISA problem. We found that the Main Mode or Phase 1 would negotiate and connect. The Quick Mode or Phase 2 would not connect at all.

So we decided to call Sonic Wall tech support. They were not as helpful as PSS, but here are a couple of items that the Sonic Wall tech found:

1. The Sonic Wall uses address objects to define networks; the Zone assignment for a Point to Point or any VPN for that matter needs to be set to VPN.
2. The Type is set to Network and we input the internal network address.
3. This Address Object is set to the destination network; the local network is set to LAN Subnets.
4. The Security Policy authentication method is IKE using PreShareSecret.
5. The IPSec Primary Gateway Name is 65.64.23.193.
6. The shared secret and the proposals need to match on both ends.

What I found last Monday was that the "Enable Perfect Forward Secrecy" was not enabled. Once I enabled that, everything started working.

I have had a couple of issues where I had to renegotiate the connection. When that did not work, I had to restart the Sonic Wall. This has only happened once or twice.
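The symptom above (Phase 1 connects, Phase 2 never does) is what a Perfect Forward Secrecy mismatch produces, and the sketch below, added here as an illustration and not taken from the post or from either vendor, compares two peers' settings and reports which phase would fail. The `Peer` fields, the proposal values, the networks and the secret are constructed assumptions, and the ISA side is assumed to have PFS on because enabling it on the Sonic Wall fixed the tunnel.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Peer:
    name: str
    psk: str
    phase1: tuple           # (encryption, hash, DH group)
    phase2: tuple           # (protocol, encryption, integrity)
    pfs: bool
    local_nets: frozenset   # networks behind this peer
    remote_nets: frozenset  # networks this peer expects behind the other end

def nets(*cidrs):
    return frozenset(ipaddress.ip_network(c) for c in cidrs)

def diagnose(a, b):
    """List (phase, reason) for every setting that differs between two peers."""
    problems = []
    if a.psk != b.psk:
        problems.append(("phase1", "pre-shared secret differs"))
    if a.phase1 != b.phase1:
        problems.append(("phase1", f"proposal {a.phase1} != {b.phase1}"))
    if a.phase2 != b.phase2:
        problems.append(("phase2", f"proposal {a.phase2} != {b.phase2}"))
    if a.pfs != b.pfs:
        problems.append(("phase2", f"PFS: {a.name}={a.pfs}, {b.name}={b.pfs}"))
    # One side's local networks must be the other side's destination networks.
    if a.local_nets != b.remote_nets or b.local_nets != a.remote_nets:
        problems.append(("phase2", "local/destination networks not mirrored"))
    return problems

def first_failing_phase(a, b):
    """Phase 1 must complete before phase 2 is attempted, so report it first."""
    phases = {phase for phase, _ in diagnose(a, b)}
    return "phase1" if "phase1" in phases else "phase2" if phases else None

# Constructed sample values; only the PFS mismatch comes from the post.
ISA = Peer("isa", "example-secret", ("3des", "sha1", 2), ("esp", "3des", "sha1"),
           True, nets("192.168.1.0/24"), nets("192.168.2.0/24"))
SONICWALL_BEFORE = Peer("sonicwall", "example-secret", ("3des", "sha1", 2),
                        ("esp", "3des", "sha1"), False,
                        nets("192.168.2.0/24"), nets("192.168.1.0/24"))
SONICWALL_AFTER = replace(SONICWALL_BEFORE, pfs=True)

if __name__ == "__main__":
    for sw in (SONICWALL_BEFORE, SONICWALL_AFTER):
        print(first_failing_phase(ISA, sw), diagnose(ISA, sw))
```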