Re: Setting up IPSec

From: Louis Solomon [SteelBytes] (louis_at_steelbytes.com)
Date: 05/26/03

• Next message: Beckym: "Windows xp"
• Previous message: Leanne: "Re: NTFS & FAT32 File Systems"
• In reply to: Lionel Fourquaux: "Setting up IPSec"
• Next in thread: Lionel Fourquaux: "Re: Setting up IPSec"
• Reply: Lionel Fourquaux: "Re: Setting up IPSec"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 26 May 2003 23:11:37 +1000

is there a NAT involved ? I think I read somewhere about some issues with
IPsec and NAT ... if there is a NAT, do some googling on this.

-- 
Louis Solomon
www.SteelBytes.com
"Lionel Fourquaux" <lionel.fourquaux@fr.wanadoo_swapthesetwowords> wrote in
message news:Ok2s6SwIDHA.2080@tk2msftngp13.phx.gbl...
> [Sorry for the huge cross-post. It's a rather technical question, and I'm
usure on where
> to post so as to find ipsec experts.]
>
> Hello
>
> I'm trying to set up an IPSec tunnel between a personal computer running
WinXP Pro SP1
> (with latest updates) and a remote server in an Unix-only network (this
server is running
> Linux 2.4.20 plus Freeswan, precisely, but I don't think the problem is
due to interoperability
> issues).
>
> The Oakley log shows that connections starts going awry at the end of the
IKE negociation,
> just before the exchange of identities, and fails with a time out. Running
tcpdump on the
> server completes this information: the server send its first encrypted IKE
packet, but the
> client doesn't seem to notice it, and thus keeps resending its last
message.
>
> I haven't been able to find out why WinXP ignores the encrypted packet:
the is no error
> message about it, and it seems to be what is described by the IKE
protocol. The only two
> distinguishing features I can see are that it is encrypted and that it is
fragmented.
>
> Any idea?
>
> Thanks in advance!
>
> -- Lionel Fourquaux
>
>
>

---

• Next message: Beckym: "Windows xp"
• Previous message: Leanne: "Re: NTFS & FAT32 File Systems"
• In reply to: Lionel Fourquaux: "Setting up IPSec"
• Next in thread: Lionel Fourquaux: "Re: Setting up IPSec"
• Reply: Lionel Fourquaux: "Re: Setting up IPSec"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: L2TP/IPSec Verbindung läuft mit XP SP2 nicht mehr ... In XPSP2 the IPsec driver needs a registry setting when either the ... server or workstation are behind a NAT gateway. ... 1- Client initiates to a server that is behind the NAT ... > Peer Private Addr ... (microsoft.public.de.german.windowsxp.networking) Re: IPsec VPN connection from Win XP SP2 ... supported scenario to have a nat in front of the ras server. ... If I'm not mistaken IPSec doesn't work over ... > could create a Site-to-Site VPN between them, ... (microsoft.public.windows.server.networking) Re: L2TP/IPSec VPN Configuration ... different NAT. ... MS has at least two KB articles on this subject, and MS says: IPSec ... NAT-T is not recommended for Windows Server 2003 computers that are ... (microsoft.public.windows.server.sbs) Re: IPSEC from behind dumb NAT. How? ... > I've read from mulitple places that ESP IPSEC from behind NAT is ... > No NAT on destination server. ... (microsoft.public.win2000.security) Re: L2TP port? ... The firewall behaves as if it's ipsec services receive the ... even when it's ipsec feature is disabled. ... server' setup still has an ipsec option - but it doesn't work! ... > alterable), it doesn't encapsulate IKE. ... (microsoft.public.isa.vpn)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)