How can i use preshared key option using IPSECCMD?

[sunny]

Hi.. I'm Sunhee.

My question is how to use preshared key parameter using IPSECCMD
command.

This is my test scenario. I set ipsec on 2 PCs using IPSECCMD as
follwoing.
------------------------------------------------------------------
PC1) ipseccmd -f 192.168.1.193+192.168.1.194 -n ah[md5] -a p:"ims"
PC2) ipseccmd -f 192.168.1.194+192.168.1.193 -n ah[md5] -a p:"ims"
------------------------------------------------------------------
and then I send ping from pc1 to pc2.

I thought that there was no key exchage(ISAKMP) if i set [-a p:"test"]
option.
But, PC1 still sent ISAKMP pakcet.

I wonder why pc1 send ISAKMP packet?
As I know isakmp paket is used to exchange keys and alogrithms.
But, I already set "Preshared key" and "algorithm".

My test senario was worong??

Actually, there's something strange.
After I set like upper.
I checked local SA using "ipseccmd show sas" command.
but, thers was no SAs.
Only after sending ping, I can see a SAs.

Can I make a SA using IPSECCMD command?
Maybe ISAKMP packet was sended, because there was no SA.

Please give me some advice.
Thnak you in advanced.

 

[sunny]

Ana another question.

How can i set SPI value?

I also tested IPSec6 command on XP.
and I can set SPI value in the "xxx.sad" file which is used by ipsec6
command.

but, ipseccmd command makes some random spi values. I can see spi
values using "ipseccmd show sas".
Is it possible to set spi values manually?

Thank you.

 

[Stephen Cartwright [MSFT]]

there is a new ipsec newsgroup that would be well suited for this type of
question
microsoft.public.windows.networking.ipsec

I'm not aware the you can manually set the SPI. I thought the systen
calculated as part of the SA negotiation.