IPSec Tunnel

Silmar

Hi,

I have one Windows XP Pro machine and one Windows 2000 Pro machine. On both I have VMWare
installed, which is running Windows 2000 Pro. They connect to my intranet
through the VMWare NAT service.
So I have something like this:

VM1 Win2kPro <= (192.168.34.0/24) VM1 NAT (172.22.101.30) => Intranet <=
(172.22.101.21) VM2 NAT (192.168.228.0/24) => VM2 Win2kPro

Both VM Win2kPros have update 818043 installed.
Now I'm trying to set up an IPSec tunnel between the VM1 and VM2 Win2kPros.

On the first one I've configured IP Filter List:
- 1st filter with source network address 192.168.34.0/24 and destination
network address 192.168.228.0/24 not mirrored
- 2nd filter with source network address 192.168.228.0/24 and destination
network address 192.168.34.0/24 not mirrored
Then I configured Filter Actions as "negotiate security" and "encryption and
security (ESP)".
As the authentication method I set a preshared key.
In the tunnel settings I entered 172.22.101.21 as the tunnel endpoint.
And I set the connection type to LAN.

On the second VM Win2kPro I have the same settings except for the tunnel endpoint IP,
which is 172.22.101.30.

But when I try to ping VM2 Win2kPro from VM1 Win2kPro I get only the "negotiate
security" message.
Could you verify my settings and help me set it up correctly?

Regards
Silmar
 
Jorge Coronel[MSFT]

If you are behind a NAT, as I understand from your description, IPsec in
tunnel mode won't work, and in order to get IPsec transport mode to work you
will need to install the NAT-T patch on your W2k boxes.

JC
 
