You cannot remotely manage ISA Server 2004 in a network environment where IPSec is enforced (891260)



The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2004, Standard Edition

SYMPTOMS

If you install Microsoft Internet Security and Acceleration (ISA) Server 2004 in a network environment where IPSec is enforced, ISA Server can be remotely managed for a short time. However, after the existing IPSec session expires, the ISA Server-based computer is not available for remote access.

CAUSE

This issue occurs because ISA Server 2004 does not permit Internet Key Exchange (IKE) traffic. Therefore, the IPSec session cannot be renewed.

WORKAROUND

To work around this issue and allow remote management of ISA Server in an IPSec environment, create a rule that allows IKE protocol traffic to the Local Host network. To use a predefined protocol definition for IKE, start ISA Server Management, and then click Protocols on the Toolbox menu. The IKE Client protocol definition defines a primary connection for UDP port 500 (SendReceive).

MORE INFORMATION

For additional information about administration and management of ISA Server 2004, visit the following Microsoft "ISA Server 2004 Administering FAQ" Web site:

Modification Type: Major
Last Reviewed: 2/9/2005
Keywords:kbIPSec kbtshoot kbinfo KB891260 kbAudDeveloper