Re: IPSEC
From: David Beder [MSFT] (dbeder_at_online.microsoft.com)
Date: 10/12/04
- Next message: WhoC_at_nItbN0W: "Flush Clipboard"
- Previous message: Steven L Umbach: "Re: Domain Isolation Security using IPSEC"
- In reply to: David: "Re: IPSEC"
- Next in thread: David: "Re: IPSEC"
- Reply: David: "Re: IPSEC"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 11 Oct 2004 23:17:27 -0700
Ok, this doesn't seem to be exactly the setup in the kb which would just
have a tunnel between a single win2k3 machine and the cisco router while
your scenario adds a third machine into the mix. Between which machines are
you trying to build a tunnel? It's the ipsec filters on those machines that
we should look at.
--
David
Microsoft Windows Networking
This posting is provided "AS IS" with no warranties, and confers no rights.

"David" <David@discussions.microsoft.com> wrote in message
news:E1DBC393-D486-44A1-8D4E-F43C9235A850@microsoft.com...
> That would explain the netdiag issue, thanks!
>
> Also, there seems to be a bit of a communication glitch, the cisco router
> doesn't do much of anything, it's just a small 2 port router to keep the
> windows domains separate. I'm not trying to put an ipsec policy on that,
> it should just pass packets along to the appropriate IP regardless of
> encryption right?
>
> IP addresses:
> all use subnet mask 255.255.224.0
> 4 networks in total, 192.168.32.0, 64.0, 96.0, and 128.0
>
> int  - ext  - cisco-cisco - ext  - int
> 32.1 - 64.1 - 64.2 - 96.1 - 96.2 - 128.1
>
> Hope that mini diagram makes sense, the int - ext are the internal and
> external IPs of the win2k3 domain routers, and the cisco-cisco is the 2
> ports of the cisco router.
>
> As for filters, bit trickier to get that info to you, as that's on school
> computers and other group members' computers. Can you tell me anything
> specific you'd look for perhaps? I'm certain that I followed the KB
> article to the letter, I did it twice, and had 3 group members watching
> over my shoulder as I did it.
>
> And I'm using a pre-shared key for authentication: 'test test test' (this
> network we're building has no access to the net, so there's no issue in
> saying any private info)
>
> "David Beder [MSFT]" wrote:
>
>> netdiag doesn't have ipsec support in ws03. on the newer platform you
>> need to use the dynamic ipsec context of the command-line netsh (netsh
>> ipsec dynamic) shell, or the ipsec monitor mmc snap-in.
>>
>> I will try and track down the current owner of this kb and have the
>> content updated. I'm feeling a bit blind but I still can't find where it
>> tells you to create a policy on the cisco server so I'll try and get
>> that noted as well.
>>
>> Please post back with the ip addresses of the interfaces you've got as
>> well as what each filter on each box looks like and we'll see where the
>> config is off. If you're not putting this together using a pre-shared
>> key, what auth method have you chosen?