IPSec Tunnel mode is broken

  • Thread starter Thread starter Dan
  • Start date Start date
D

Dan

Okay, I've tried this on many w2k workstations and w2k
servers and I cannot get it to work. I've followed the MS
article at http://support.microsoft.com/default.aspx?
scid=kb;en-us;252735&Product=win2000 to the "T" and still
no luck. So, unless someone can prove me wrong, tunnel
mode is broken. After setting up the polocies, filters,
etc. and I ping an address within the "IP filter" list
range, it shoots back:

Pinging 192.168.14.1 with 32 bytes of data:

Negotiating IP Security.
Negotiating IP Security.
Negotiating IP Security.
Negotiating IP Security.

This is fine while it is negotiating , but eventualy the
ping should go through. Instead, I get this forever along
with the system log filling up with this:

Event Type: Error
Event Source: IPSEC
Event Category: None
Event ID: 4289
Date: 9/23/2003
Time: 9:54:06 PM
User: N/A
Computer: MYCOMP
Description:
The IPSec driver failed the oakley negotiation with
192.168.14.1 since no filter exists to protect packets to
that destination. Please check the configuration on this
machine to ensure at least one filter matches the
destination.
Data:
0000: 00 00 00 00 02 00 50 00 ......P.
0008: 00 00 00 00 c1 10 00 c0 ....Á..À
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

This is how it should work:

1. Incoming packet is examined.
2. if source destination match "IP Filter" list, then
it should forward it to the "End Point" IP Address and
IKE negotiations should take place if needed.


Please help!

Thanks,

-Dan
 
I proved myself wrong. You have the create the other side
of the tunnel on the same machine (i.e. two end pooints
for one ipsec tunnel; one end point will be your extip and
and the other endpoint will be the other extip)

-D
 
Back
Top