Article ID: 891229
Article Last Modified on 2/17/2005
APPLIES TO
- Microsoft Internet Security and Acceleration Server 2004 Standard Edition
SYMPTOMS
When you try to create an ISA Server rule to publish an internal Internet Protocol security (IPsec) server by using the IPsec Encapsulating Security Protocol (ESP) Server protocol in Microsoft Internet Security and Acceleration (ISA) Server 2004, the following error message is logged in the Application log:
Server publishing rule [ServerPublishingRuleName] failed. The protocol specified cannot be used for publishing. Location 325.725.4.0.2161.50.
CAUSE
This problem occurs because the IPsec ESP Server protocol cannot be used for publishing. The IPsec ESP Server protocol is an incoming protocol used in virtual private network (VPN) site-to-site system policy rules to enable IPsec ESP traffic to ISA Server.
Note The protocol description of the IPsec ESP Server protocol in the ISA Server New Server Publishing Rule wizard is incorrect.
WORKAROUND
To work around this problem, use the IPsec network address translation traversal (NAT-T) Server protocol to publish an IPsec server.
Note The IPsec server that you want to publish must have the NAT-T update installed. For additional information about the L2TP/IPsec NAT-T update for Windows XP and Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:
818043 L2TP/IPsec NAT-T update for Windows XP and Windows 2000
Note If the IPsec server that you want to publish is a Layer Two Tunneling Protocol (L2TP) server, then the IPsec server must be running Windows Server 2003 because the Windows 2000 Routing and Remote Access service does not support NAT-T remote access connections.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Keywords: kbprb KB891229
