You are currently offline, waiting for your internet to reconnect

Packets from the branch office may not reach the destination servers in the central office over a site-to-site VPN connection that you create through ISA Server 2006

This article has been archived. It is offered "as is" and will no longer be updated.
SYMPTOMS
Consider the following scenario:
  • You use Microsoft Internet Security and Acceleration (ISA) Server 2006 to create a site-to-site VPN connection between a central office and a branch office.
  • The ISA Server 2006 computer is located in the central office.
  • Clients in the branch office use ISA Server to access servers in the central office.
In this scenario, packets from the branch office may not reach the destination servers in the central office. For example, DNS requests from a client in the branch office may not reach the DNS servers in the central office.
CAUSE
This problem occurs because the Microsoft Firewall service incorrectly handles IP address bindings. A site-to-site VPN connection may be lost and then re-created. However, ISA Server still uses the old IP address of the previous virtual network interface for the site-to-site VPN connection.
RESOLUTION
To resolve this problem, apply the hotfix rollup package that is described in the following Microsoft Knowledge Base article:
947257 Description of the Internet Security and Acceleration (ISA) Server 2006 hotfix package: January 8, 2008
WORKAROUND
To work around this problem, restart the Microsoft Firewall service on the ISA Server 2006 computer.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Properties

Article ID: 947255 - Last Review: 01/15/2015 17:37:44 - Revision: 1.3

Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition, Microsoft Internet Security and Acceleration Server 2006 Standard Edition

  • kbnosurvey kbarchive kbqfe kbexpertiseinter kbprb KB947255
Feedback