Re: ipsec between 2 XP machine doesn't work



Possibly you don't have compatible settings for quick mode which is where
port exceptions are used unlike main mode. If you have the Windows Firewall
enabled on either computer then disable that assuming doing that would not
put either computer at risk. Ipsec will not work without configuring the
Windows Firewall ipsec exemption. If the Windows Firewall is not the problem
try using an ipsec policy that allows all ports/protocols first in the
filter list before trying to tweak those settings. Also make sure that pre
shared key is at the top of the list of authentication methods or better yet
the only method shown assuming these are not AD domain computers. --- Steve


<getridofthespam@xxxxxxxxx> wrote in message
news:1151422736.602511.115670@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi all,

I configured 2 XP machines to use ipsec.
On the trace I get 6 ISAKMP main mode and 4 ISAKMP
quick mode messages, then communication stops.
preshared keys are configured.

The last lines of the ikelog file:

6-27: 16:03:14:289:4e0 Sending: SA = 0x00165EE0 to 10.10.209.236:Type 4.500
6-27: 16:03:14:289:4e0 ISAKMP Header: (V1.0), len = 84
6-27: 16:03:14:289:4e0 I-COOKIE a2207c8f1a0d6867
6-27: 16:03:14:289:4e0 R-COOKIE 85a312360d977128
6-27: 16:03:14:289:4e0 exchange: Oakley Quick Mode
6-27: 16:03:14:289:4e0 flags: 3 ( encrypted commit )
6-27: 16:03:14:289:4e0 next payload: HASH
6-27: 16:03:14:289:4e0 message ID: 740dc787
6-27: 16:03:14:289:4e0 Ports S:f401 D:f401
6-27: 16:04:43:116:4e0 CE Dead. sa:00165EE0 ce:000EEFA8 status:35f0


anyone who could help get me out? Tnx in advance for all replies.
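
An added example, not part of either post: a small Python triage of the ikelog excerpt quoted above, reporting which exchange was last sent on an SA before its "CE Dead" line and how long the peer stayed silent. The line layout is inferred from this excerpt only, the function names are hypothetical, and reading `f401` as byte-swapped port 500 is an assumption.

```python
import re
from datetime import datetime

# Constructed sample: lines from the excerpt in the post, wrapped first line rejoined.
SAMPLE = """\
6-27: 16:03:14:289:4e0 Sending: SA = 0x00165EE0 to 10.10.209.236:Type 4.500
6-27: 16:03:14:289:4e0 ISAKMP Header: (V1.0), len = 84
6-27: 16:03:14:289:4e0 exchange: Oakley Quick Mode
6-27: 16:03:14:289:4e0 flags: 3 ( encrypted commit )
6-27: 16:03:14:289:4e0 Ports S:f401 D:f401
6-27: 16:04:43:116:4e0 CE Dead. sa:00165EE0 ce:000EEFA8 status:35f0
"""

# date, clock (h:m:s:ms), thread id, message text
LINE = re.compile(r"^(\d+-\d+): (\d+:\d+:\d+:\d+):([0-9a-f]+)\s+(.*)$")

def swap_port(hex4):
    # Assumption: ports are printed as network-order bytes, so f401 -> 0x01f4 = 500.
    return int(hex4[2:4] + hex4[0:2], 16)

def triage(text):
    """One finding per 'CE Dead' line: last exchange sent on that SA and the silent gap."""
    last_send, current, findings = {}, None, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip wrapped or unrelated lines
        ts = datetime.strptime(m.group(2), "%H:%M:%S:%f")  # same-day entries assumed
        msg = m.group(4)
        if (s := re.match(r"Sending: SA = 0x([0-9A-Fa-f]+) to (\S+?):", msg)):
            current = last_send[s.group(1).upper()] = {"peer": s.group(2), "sent": ts}
        elif current is not None and (e := re.match(r"exchange: (.+)", msg)):
            current["exchange"] = e.group(1)
        elif current is not None and (p := re.match(r"Ports S:([0-9a-f]{4}) D:([0-9a-f]{4})", msg)):
            current["ports"] = (swap_port(p.group(1)), swap_port(p.group(2)))
        elif (d := re.match(r"CE Dead\. sa:([0-9A-Fa-f]+) \S+ status:(\w+)", msg)):
            sent = last_send.get(d.group(1).upper())
            if sent:
                findings.append({**sent, "status": d.group(2),
                                 "silent_seconds": (ts - sent["sent"]).total_seconds()})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

On this excerpt the finding is a Quick Mode message sent to the peer on port 500, followed by roughly 89 seconds with no logged activity on that SA before it is declared dead.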


