Alfredo Reino
Hi all
I'm trying to set up a test environment for IPSec thru firewall in order to
encrypt traffic to/from some ports.
I did 4 tests establishing a tunnel between 2 servers:
- Using pre-shared keys and NO firewall in between -> OK
- Using pre-shared keys and firewall in between -> OK
- Using certificates and NO firewall in between -> OK
- Using certificates and firewall in between -> PROBLEM
I have captured the traffic and it seems to fail on the ISAKMP second phase
("Quick Mode"). That is, the certificate-based authentication in "Main Mode"
is done correctly. After that, it times out.
The firewall is configured according to Q233256 ("How to enable IPSec
traffic through a firewall"), that is, opening protocol 50 and udp/500.
I have followed through Q257225 ("Basic IPSec troubleshooting in Microsoft
Windows 2000 Server") to no avail.
Both machines are Windows 2000 Server.
Does anyone have an idea about where to look for the problem?
Alfredo
(e-mail address removed)