Re: ipsec between 2 XP machine doesn't work



Possibly you don't have compatible settings for quick mode, which is where
port exceptions are used, unlike main mode. If you have the Windows Firewall
enabled on either computer, then disable that, assuming doing that would not
put either computer at risk. Ipsec will not work without configuring the
Windows Firewall ipsec exemption. If the Windows Firewall is not the problem,
try using an ipsec policy that allows all ports/protocols first in the
filter list before trying to tweak those settings. Also make sure that pre
shared key is at the top of the list of authentication methods, or better yet
the only method shown, assuming these are not AD domain computers. --- Steve


<getridofthespam@xxxxxxxxx> wrote in message
news:1151422736.602511.115670@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi all,

I configured 2 XP machines to use ipsec.
On the trace I get 6 ISAKMP main mode and 4 ISAKMP
quick mode messages, then communication stops.
preshared keys are configured.

The last lines of the ikelog file:

6-27: 16:03:14:289:4e0 Sending: SA = 0x00165EE0 to 10.10.209.236:Type 4.500
6-27: 16:03:14:289:4e0 ISAKMP Header: (V1.0), len = 84
6-27: 16:03:14:289:4e0 I-COOKIE a2207c8f1a0d6867
6-27: 16:03:14:289:4e0 R-COOKIE 85a312360d977128
6-27: 16:03:14:289:4e0 exchange: Oakley Quick Mode
6-27: 16:03:14:289:4e0 flags: 3 ( encrypted commit )
6-27: 16:03:14:289:4e0 next payload: HASH
6-27: 16:03:14:289:4e0 message ID: 740dc787
6-27: 16:03:14:289:4e0 Ports S:f401 D:f401
6-27: 16:04:43:116:4e0 CE Dead. sa:00165EE0 ce:000EEFA8 status:35f0


anyone who could help get me out? Tnx in advance for all replies.
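
For reading an ikelog excerpt like the one quoted above, this added example (not part of the thread and not a Microsoft tool) joins each `CE Dead` line to the last message sent on the same SA and reports the exchange type, the ports and the time that passed before the SA was dropped. It assumes the line layout shown in the post, that all lines fall on the same day, that the `Ports` fields are 16-bit values printed byte-swapped (`f401` read as `0x01f4` is 500, the IKE UDP port), and that `status` is a hex number; the names `dead_sas` and `swap16` are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: ikelog lines from the post (abridged, wrapped line rejoined).
SAMPLE = """\
6-27: 16:03:14:289:4e0 Sending: SA = 0x00165EE0 to 10.10.209.236:Type 4.500
6-27: 16:03:14:289:4e0 exchange: Oakley Quick Mode
6-27: 16:03:14:289:4e0 flags: 3 ( encrypted commit )
6-27: 16:03:14:289:4e0 message ID: 740dc787
6-27: 16:03:14:289:4e0 Ports S:f401 D:f401
6-27: 16:04:43:116:4e0 CE Dead. sa:00165EE0 ce:000EEFA8 status:35f0
"""

LINE = re.compile(r"^\d+-\d+: (\d+:\d+:\d+:\d+):[0-9a-f]+ (.*)$")
SEND = re.compile(r"Sending: SA = 0x([0-9A-Fa-f]+) to ([\d.]+):")
FIELD = re.compile(r"(exchange|flags|message ID): (.*)")
PORTS = re.compile(r"Ports S:([0-9a-f]{4}) D:([0-9a-f]{4})")
DEAD = re.compile(r"CE Dead\. sa:([0-9A-Fa-f]+) ce:\S+ status:([0-9a-f]+)")

def swap16(hex4):
    """Assumption: ports are logged byte-swapped, so 'f401' is 0x01f4 = 500."""
    v = int(hex4, 16)
    return ((v & 0xFF) << 8) | (v >> 8)

def dead_sas(log):
    """One dict per 'CE Dead' line, joined to the last message sent on that SA."""
    last, cur, out = {}, None, []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip wrapped fragments and blank lines
        ts = datetime.strptime(m.group(1), "%H:%M:%S:%f")  # same-day assumption
        msg = m.group(2)
        if s := SEND.match(msg):
            cur = last[s.group(1).upper()] = {"sent": ts, "peer": s.group(2)}
        elif cur is not None and (f := FIELD.match(msg)):
            cur[f.group(1)] = f.group(2).strip()
        elif cur is not None and (p := PORTS.match(msg)):
            cur["ports"] = (swap16(p.group(1)), swap16(p.group(2)))
        elif d := DEAD.match(msg):
            rec = dict(last.get(d.group(1).upper(), {}))
            sent = rec.pop("sent", None)  # None if no send was seen for this SA
            rec.update(sa=d.group(1).upper(), status_hex=d.group(2),
                       status=int(d.group(2), 16),  # decimal form of the hex status
                       idle_s=(ts - sent).total_seconds() if sent else None)
            out.append(rec)
    return out

if __name__ == "__main__":
    print(dead_sas(SAMPLE))
```

On the excerpt from the post this shows the SA being dropped about 89 seconds after the last quick mode message was sent to the peer on port 500.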


