IPSec tunnel

[Guest]

Has anyone ever gotten an IPSec tunnel (not L2TP)working
on Windows 2000 SP4 ? I have followed all the
documentation to the letter and have gotten it to work 2
times out of 20 tries.
I am wondering if SP4 is the problem. I am going to try it
with no service packs. It fails at Quick Mode negotiation
even though everything in the filter actions match. Here
are the last few lines of the Oakley debug log:
1-21: 07:25:59:1c4 Loading tunnelling SA
1-21: 07:25:59:1c4 SRC PORT = 0 DST PORT=0
1-21: 07:25:59:1c4 HMAC algo 1
1-21: 07:25:59:1c4 ESP Algo 1 ConKeyLen 8 KeyLen 24
1-21: 07:25:59:1c4 Filter SRC port=0
1-21: 07:25:59:1c4 Filter DST port=0
1-21: 07:25:59:1c4 LifetimeSec 3600
1-21: 07:25:59:1c4 LifetimeKB 100000
1-21: 07:25:59:1c4 NotifyLifetimeSec 0
1-21: 07:25:59:1c4 NotifyLifetimeKB 0
1-21: 07:25:59:1c4 Update: src = 172.16.2.0.0000, dst =
10.10.10.0.0000, proto = 00, context = 85353D48, tunnel
endpt = xxx.xxx.32.82, SrcMask = 255.255.255.0, DestMask
= 255.255.255.0 SPI=-1773298788 Lifetime = 3600
LifetimeKBytes 100000 EncapType 1
1-21: 07:25:59:1c4 Encap Ports Src 500 Dst 500
1-21: 07:25:59:1c4 Adding SPI to SA: -1773298788
1-21: 07:25:59:1c4 Spi flags 2
1-21: 07:25:59:1c4 isadb_set_status sa:00239430
centry:002359B0 status 0
1-21: 07:25:59:1c4 CE Dead. sa:00239430 ce:002359B0
status:0
1-21: 07:25:59:1c4 Throw: State mask=34080

 

[bob]

A pure IPSec tunnel will not work between 2 Dell 650
servers equipped with Intel Pro 1000 MT NICs. If one NIC
is different then the tunnel will establish. This appears
to be a conflict between the Pro 1000 MT drivers and the
windows 2000 IPSec implementation. The event logs show the
tunnel establish, but no traffic will pass. This indicates
that the event logs are unable to be used in
troubleshooting of a problem past the establishment of
Quick mode. The Oakley.log only indicates that the CE is
dead, not much help.