Microsoft KB Archive/891260

= You cannot remotely manage ISA Server 2004 in a network environment where IPSec is enforced =

Article ID: 891260

Article Last Modified on 2/9/2005


APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition






SYMPTOMS
If you install Microsoft Internet Security and Acceleration (ISA) Server 2004 in a network environment where IPSec is enforced, ISA Server can be remotely managed for a short time. However, after the existing IPSec session expires, the ISA Server-based computer is not available for remote access.



CAUSE
This issue occurs because ISA Server 2004 does not permit Internet Key Exchange (IKE) traffic. Therefore, the IPSec session cannot be renewed.



WORKAROUND
To work around this issue and enable remote management of ISA Server in an IPSec environment, create a rule that allows IKE protocol traffic to the Local Host network. To use a predefined protocol definition for IKE, start ISA Server Management, and then click Protocols on the Toolbox menu. The IKE Client protocol definition defines a primary connection for UDP port 500 (SendReceive).



MORE INFORMATION
For additional information about administration and management of ISA Server 2004, visit the following Microsoft "ISA Server 2004 Administering FAQ" Web site:

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/faq-administering.mspx

Keywords: kbinfo kbtshoot kbipsec KB891260


© Microsoft Corporation. All rights reserved.