IPSEC between ISA2004 and RB433

Hello,

Has anyone tried to establish a VPN tunnel between ROS and MS ISA2004?
It works, but not entirely :)
The IPSEC tunnel between local and remote subnets works OK.
The problem arises because ISA 2004 wants to establish a separate tunnel with its external IP as source network and the ROS remote subnet.
If I make a separate IPSEC policy for PublicISAIP/32 to ROSInternal/24, the working tunnel fails (ISAInternal-ROSInternal) and then this happens:

  1. I can ping from ISA server to ROSInternal/24 and I CANNOT ping ISAInternal/24-ROSInternal/24
  2. I CANNOT ping from ISA server to ROSInternal/24 and I CAN ping ISAInternal/24-ROSInternal/24

The two situations change every few minutes (independent of IPSEC proposal and peer lifetimes).

Also, it would be about time for Mikrotik to fix the PING bug from terminal (select interface) so I could make a script to monitor IPSEC tunnels and flush them if they are not working! Submitted a bug report over a month ago.

Huntah