VPN Connection

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: Matt <Matt@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Wed, 22 Aug 2007 09:08:04 -0700

---

We are trying to create a VPN tunnel between an ISA 2006 unit and a
Watchguard SOHO unit at the branch office. We have set up the phase 1 and
phase 2 settings but we are having trouble creating the tunnel.

We are receiving two errors in our event logs (541 followed by 543)
repeatedly.

The errors are:
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 541
Date: 8/19/2007
Time: 10:34:30 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer: FWALL
Description:
IKE security association established.
Mode:
Key Exchange Mode (Main Mode)

Peer Identity:
Preshared key ID.
Peer IP Address: x.x.x.x (Remote IP address)

Filter:
Source IP Address y.y.y.y
Source IP Address Mask 255.255.255.255
Destination IP Address x.x.x.x
Destination IP Address Mask 255.255.255.255
Protocol 0
Source Port 0
Destination Port 0
IKE Local Addr y.y.y.y
IKE Peer Addr x.x.x.x
IKE Source Port 500
IKE Destination Port 500
Peer Private Addr

Parameters:
ESP Algorithm DES CBC
HMAC Algorithm SHA
Lifetime (sec) 3600
MM delta time (sec) 1

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 543
Date: 8/19/2007
Time: 10:36:29 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer: FWALL
Description:
IKE security association ended.
Mode: Key Exchange (Main mode)
Filter:
Source IP Address y.y.y.y
Source IP Address Mask 255.255.255.255
Destination IP Address x.x.x.x
Destination IP Address Mask 255.255.255.255
Protocol 0
Source Port 0
Destination Port 0
IKE Local Addr y.y.y.y
IKE Peer Addr x.x.x.x
IKE Source Port 500
IKE Destination Port 500
Peer Private Addr

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


I have hidden the IP addresses for security but I am happy that they correct
as we had this working with our previous firewall. It looks like the Phase 1
is being created and then disconnecting but I am unsure why this is. Should
we be expecting to see phase 2 connecting in the logs?

Any light that can be shed on this would be of great help.

Thank you in advance.
.

---

• Prev by Date: Re: Anonymous Myspace Proxy
• Next by Date: Re: ISA 2006 default security
• Previous by thread: Re: ISA 2004 How to Open Ports
• Next by thread: WSUS and ISA
• Index(es):
  • Date
  • Thread

---

Relevant Pages ISA 2004 security events ... security alerts from our event trigger utility. ... IKE Local Addr 64.130.90.180 ... IKE Source Port 500 ... IKE Destination Port 500 ... (microsoft.public.isaserver) Re: Windows 2000 IPSEC to Netgear box: IKE security association negotiation failed. ... > IKE security association negotiation failed. ... > IKE Source Port 500 ... > IKE Destination Port 500 ... > Peer Private Addr ... (microsoft.public.win2000.security) Re: Windows 2000 IPSEC to Netgear box: IKE security association negotiation failed. ... > IKE security association negotiation failed. ... > IKE Source Port 500 ... > IKE Destination Port 500 ... > Peer Private Addr ... (microsoft.public.win2000.security) Re: Windows 2000 IPSEC to Netgear box: IKE security association negotiation failed. ... > IKE security association negotiation failed. ... > IKE Source Port 500 ... > IKE Destination Port 500 ... > Peer Private Addr ... (microsoft.public.win2000.security) Microsoft IKE DoS... source port 500? ... _not_ a source port of 500 which is always associated with IKE ... production networks IKE packets always have a source port of 500. ... Deciding to go right to the source, I referred to the ISAKMP RFC: ... (Vuln-Dev)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > ISA  > microsoft.public.isa  > 2007-08