Re: Creating IPSec Policy for Pre-Share Key in VPN not working.

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 10/25/05


Date: Tue, 25 Oct 2005 08:50:14 -0500

You don't give a lot of details on how you have your VPN set up, but ipsec
will not work if NAT is used in the path between the client and server.
There is a NAT-T client that can be used, which primarily is for l2tp/ipsec.
Also, if there is a firewall protecting your server, then the correct ports
need to be open in the firewall to the VPN server. You may also want to try
pptp, which is secure as long as you use complex passwords [say at least 8
characters in length with complexity enabled] and fairly easy to configure.
The security log on the server may have events recorded that may also give a
clue as to what is going on if the traffic ever reached the VPN server. If
the VPN client is protected by a NAT device, it needs to be configured to
allow ipsec passthrough in its configuration options. --- Steve

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B818043 --- NAT-T
http://support.microsoft.com/default.aspx?scid=kb;en-us;885348 --- more NAT-T info
http://support.microsoft.com/default.aspx?kbid=885407 --- NAT-T and XP SP2
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/428c1bbf-2ceb-4f76-a1ef-0219982eca10.mspx --- VPN firewall rules.

"Pr3z" <jboysen@gmail.com> wrote in message
news:1130247072.131408.146870@g44g2000cwa.googlegroups.com...
> Server 2003
>
> I am trying to create an IPSec Policy that will allow the use of a
> Pre-Share key for VPN only. I have created a VPN Security Policy in
> Local Security settings under the IPSEC Policies on Local Computer.
>
> I have it set up to permit traffic for remote access using a pre-share
> key. Filter action is to negotiate security. Connection type is Remote
> Access. I have the pre-share key in.
>
> Now it doesn't work. It blocks all traffic because when I VPN, I cannot
> map drives. If I change the filter action to Permit then it leaves it
> open and I can VPN and map drives without using a pre-share key. I
> guess I am lost or missing a step as to where I tell it to ask or look
> for the pre-share key.
>
> Can anyone point me in the right direction? I bought a book and have
> spent days searching groups and the internet.
>


