Networking Forums

IPSec question

 
 
Alex
      12-23-2003, 06:23 AM
Hi

I have an XP box (NAT-T update installed) behind NAT (FreeBSD
4.8) and am trying to establish an IPSec session with a Win2003
Server (WinXP-->NAT-->Win2003). It seems that the SA is
established (according to the eventlog and IPSec monitor) but
no application-level protocol (RDP, SMB) works. Any
suggestions?

Thanks in advance.
Alex
 
Laura A. Robinson [MVP]

 
      12-23-2003, 07:26 PM
In article <074b01c3c925$a92f7b20$(E-Mail Removed)>,
(E-Mail Removed) says...
> Hi
>
> I got XP box (NAT-T update installed) behind NAT (freebsd
> 4.8) and trying to establish IPSec session with Win2003
> Server (WinXP-->NAT-->Win2003). It seems that SA is
> established (according to eventlog and IPSec monitor) but
> no application level protocol (RDP, SMB) can work. Any
> suggestions?
>
> Thanks in advance.
> Alex
>

What is the IPSec policy in place? What are its settings?

Laura
 
Alex

 
      12-24-2003, 09:08 AM

>-----Original Message-----
>In article <074b01c3c925$a92f7b20$(E-Mail Removed)>,
>(E-Mail Removed) says...
>> Hi
>>
>> I got XP box (NAT-T update installed) behind NAT (freebsd
>> 4.8) and trying to establish IPSec session with Win2003
>> Server (WinXP-->NAT-->Win2003). It seems that SA is
>> established (according to eventlog and IPSec monitor) but
>> no application level protocol (RDP, SMB) can work. Any
>> suggestions?
>>
>> Thanks in advance.
>> Alex
>>
>
>What is the IPSec policy in place? What are its settings?
>
>Laura


The config is

winxp-->nat-->...-->win2003

and the only NAT (a dynamic one, or PAT) is doing port (and
UDP address) translation, and there is no other NAT before
win2003.
A UDP-encapsulated ESP packet from winxp comes to the NAT (PAT),
the address is changed to the external one, the UDP port is changed
to another (external) port, and the packet goes out (to
win2003). Then the reply comes back to that socket and the NAT
performs reverse translation, sending the packet back to winxp.

winxp ipsec policy: server (request security)
win2003 ipsec policy: secure server (require security)
sa: preshared key, 3des, sha1 (main mode)

Without NAT it's working fine.
With NAT, ISAKMP SA establishment is OK (according to IPSec
monitor and eventlog) but the application level doesn't work.

Alex
 
Reply With Quote
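The symptom in the post above (ISAKMP SA established through the NAT, no application traffic) can be narrowed down from a packet capture by checking whether UDP-encapsulated ESP is seen in both directions. This is an added example, not part of the original thread: it assumes RFC 3948 framing on UDP port 4500 (the thread does not say which NAT-T draft or ports are in use), and the sample payloads and direction labels are constructed.

```python
import struct
from collections import Counter

NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: four zero octets precede IKE

def classify(payload: bytes) -> str:
    """Classify one UDP/4500 payload using RFC 3948 framing (assumed)."""
    if payload == b"\xff":
        return "keepalive"             # NAT-keepalive is a single 0xFF octet
    if len(payload) < 8:
        return "malformed"             # too short for a marker or ESP header
    if payload[:4] == NON_ESP_MARKER:
        return "ike"                   # IKE message follows the marker
    return "esp"                       # first four octets are a non-zero SPI

def esp_header(payload: bytes):
    """Return (spi, sequence_number) of a UDP-encapsulated ESP packet."""
    return struct.unpack("!II", payload[:8])

def summarize(packets):
    """packets: iterable of (direction, payload), direction 'out' or 'in'."""
    counts = Counter((d, classify(p)) for d, p in packets)
    ike_ok = counts[("out", "ike")] > 0 and counts[("in", "ike")] > 0
    esp_out, esp_in = counts[("out", "esp")], counts[("in", "esp")]
    if not ike_ok:
        verdict = "ike-incomplete"
    elif esp_out and esp_in:
        verdict = "esp-both-ways"      # IPsec data path works; look higher up
    elif esp_out:
        verdict = "esp-outbound-only"  # negotiation works, ESP replies missing
    elif esp_in:
        verdict = "esp-inbound-only"
    else:
        verdict = "ike-only"           # SA negotiated, no protected traffic
    return counts, verdict

# Constructed sample: "out" is client -> server as seen at the NAT.
SAMPLE = [
    ("out", NON_ESP_MARKER + bytes(28)),   # placeholder IKE message
    ("in",  NON_ESP_MARKER + bytes(28)),
    ("out", b"\xff"),
    ("out", struct.pack("!II", 0x1A2B3C4D, 1) + bytes(32)),
    ("out", struct.pack("!II", 0x1A2B3C4D, 2) + bytes(32)),
]

if __name__ == "__main__":
    print(summarize(SAMPLE)[1])
```

Running the same classification on captures from both sides of the NAT shows where the ESP flow stops.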