Re: IPSEC

From: David (David_at_discussions.microsoft.com)
Date: 10/08/04

Next message: Mr. Kurtz: "Re: keeping kids off computer"
Previous message: Neil: "Re: Am I being spied?"
In reply to: David Beder [MSFT]: "Re: IPSEC"
Next in thread: David Beder [MSFT]: "Re: IPSEC"
Reply: David Beder [MSFT]: "Re: IPSEC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 7 Oct 2004 15:15:01 -0700

That would explain the netdiag issue, thanks!

Also, there seems to be a bit of a communication glitch, the cisco router
doesn't do much of anything, its just a small 2 port router to keep the
windows domains seperate. I'm not trying to put an ipsec policy on that, it
should just pass packets along to the appropriate IP regardless of encryption
right?

Ip addresses:
all use subnet mask 255.255.224.0
4 networks in total, 192.168.32.0, 64.0, 96.0, and 128.0

int - ext - cisco-cisco - ext - int
32.1 -64.1 - 64.2 - 96.1 - 96.2 - 128.1

Hope that mini diagram makes sence, the int - ext are the internal and
external IP's of the win2k3 domain routers, and the cisco-cisco is the 2
ports of the cisco router.

As for filters, bit trickier to get that info to you, as thats on school
computers and other group members computers. Can you tell me anything
specific you'd look for perhaps? I'm certain that I followed the KB article
to the letter, I did it twice, and had 3 group members watching over my
shoulder as I did it.

And I'm using a pre-shared key for authentication: 'test test test' (this
network we're building has no access to the net, so there's no issue in
saying any private info)

"David Beder [MSFT]" wrote:

> netdiag doesn't have ipsec support in ws03. on the newer platform you need
> to use the dynamic ipsec context of the command-line netsh (netsh ipsec
> dynamic) shell, or the ipsec monitor mmc snap-in.
>
> I will try and track down the current owner of this kb and have the content
> updated. I'm feeling a bit blind but I still can't find where it tells you
> to create a policy on the cisco server so I'll try and get that noted as
> well.
>
> Please post back with the ip addresses of the interfaces you've got as well
> as what each filter on each box looks like and we'll see where the config is
> off. If you're not putting this together using a pre-shared key, what auth
> menthod have you chosen?

Next message: Mr. Kurtz: "Re: keeping kids off computer"
Previous message: Neil: "Re: Am I being spied?"
In reply to: David Beder [MSFT]: "Re: IPSEC"
Next in thread: David Beder [MSFT]: "Re: IPSEC"
Reply: David Beder [MSFT]: "Re: IPSEC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: IPSEC
... have a tunnel between a single win2k3 machine and the cisco router while ... > Also, there seems to be a bit of a communication glitch, the cisco router ... I'm not trying to put an ipsec policy on that, ...
(microsoft.public.security)
Re: cisco / microsoft -- what is the VPN IPsec alternative????
... > Is there some good software solution for setting up a VPN (IPsec, firewall, ... > I have been advised to simply by a hardware solution (Cisco router), ... > flexibility, and I don't like the Microsoft one because 1) it is Microsoft, 2) ...
(comp.security.misc)
IPSEC
... I'm a student trying to implement IPSEC on a makeshift ... network running windows 2003. ... cisco router, ...
(microsoft.public.security)
Re: IPSEC
... netdiag doesn't have ipsec support in ws03. ... > network running windows 2003. ... > cisco router, ...
(microsoft.public.security)