Article ID: 891229 - View products that this article applies to.
This article has been archived. It is offered "as is" and will no longer be updated.
When you try to create an ISA Server rule to publish an internal Internet Protocol security (IPsec) server by using the IPsec Encapsulating Security Protocol (ESP) Server protocol in Microsoft Internet Security and Acceleration (ISA) Server 2004, the following error message is logged in the Application log:
Server publishing rule [ServerPublishingRuleName] failed. The protocol specified cannot be used for publishing. Location 325.7126.96.36.1991.50.
This problem occurs because the IPsec ESP Server protocol cannot be used for publishing. The IPsec ESP Server protocol is an incoming protocol used in virtual private network (VPN) site-to-site system policy rules to enable IPsec ESP traffic to ISA Server.
Note The protocol description of the IPsec ESP Server protocol in the ISA Server New Server Publishing Rule wizard is incorrect.
To work around this problem, use the IPsec network address translation traversal (NAT-T) Server protocol to publish an IPsec server.
Note The IPsec server that you want to publish must have the NAT-T update installed. For additional information about the L2TP/IPsec NAT-T update for Windows XP and Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:
818043Note If the IPsec server that you want to publish is a Layer Two Tunneling Protocol (L2TP) server, then the IPsec server must be running Windows Server 2003 because the Windows 2000 Routing and Remote Access service does not support NAT-T remote access connections.
(http://support.microsoft.com/kb/818043/ )L2TP/IPsec NAT-T update for Windows XP and Windows 2000
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.