Re: Need help with ipsec policy




"Jim H" <jimh@xxxxxxxxxxxxx> wrote in message
news:eJBmYR2DJHA.5196@xxxxxxxxxxxxxxxxxxxxxxx
We are trying to set up an IPSec tunnel from one office to another as a VPN
tunnel using a Win2003 server on one side and a Cisco Router on the
other. We have followed the instructions from kb article:
http://support.microsoft.com/kb/816514/en-us#255 but we can't seem to get
it to work.

The office with the Cisco router insists their setup is correct and they
have done IPSec tunnels before. I'm inclined to believe him. To test our
setup we set up another Win2003 server at one of our satellite offices and
tried to get them to build a tunnel. Both machines were set up using the
above instructions. It seems to me that when we try to ping a netB
private IP from netA that the Windows server does not know how to route
the packets. We set up a route in RRAS on netA for the private netB subnet
to go out through the outside facing NIC with the external NIC address of
netB's server as the gateway. Now I know this is not a valid gateway as
it is not on our gateway's external subnet, but that's what the directions
say to do and I thought maybe there was some magic in the IPSec policy
that made this work.

1. make sure the IPsec tunnel is actually really "up"

2. Both LANs need to "understand" that their respective "VPN Router"
(whether RRAS box or Cisco router) is the "gateway" to the opposite LAN.
The VPN device could be perfectly happy,...but if nobody knows to use it as
the "path" to the other LAN the traffic is never going to get to it,...let
alone go over it.

3. The VPN Devices themselves should already be aware of each other and
aware of the opposite LAN because they are "directly connected" to them.

Anything beyond that I do not know. There are some others here that are
more skilled with RRAS than I.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
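
An added example, not part of the original posts: a check for point 2 that parses the "Active Routes" rows of `route print` from a LAN host and reports which gateway a packet for the opposite LAN would be handed to. All addresses are constructed assumptions: netA is 192.168.1.0/24, netB is 192.168.2.0/24, the Internet gateway is 192.168.1.1 and the VPN router is 192.168.1.254.

```python
import ipaddress

# Constructed sample rows in `route print` column order:
# Network Destination, Netmask, Gateway, Interface, Metric.
ROUTES_BEFORE = """\
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0     192.168.1.50    192.168.1.50     20
"""
# Same host after a route for netB via the VPN router has been added (constructed).
ROUTES_AFTER = ROUTES_BEFORE + """\
      192.168.2.0    255.255.255.0    192.168.1.254    192.168.1.50      1
"""

def parse_routes(text):
    """Return (network, gateway, metric) tuples, skipping headers and junk lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            gateway = ipaddress.ip_address(fields[2])
            metric = int(fields[4])
        except ValueError:
            continue  # not a route row
        routes.append((net, gateway, metric))
    return routes

def next_hop(routes, dest):
    """Longest-prefix match, lowest metric as tie-break; None if nothing matches."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    if not matches:
        return None
    _, gateway, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return gateway

def uses_vpn_router(route_text, remote_host, vpn_router):
    """True when traffic for remote_host is handed to the VPN router."""
    hop = next_hop(parse_routes(route_text), remote_host)
    return hop == ipaddress.ip_address(vpn_router)

if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        hop = next_hop(parse_routes(table), "192.168.2.10")
        print(label, "-> next hop for 192.168.2.10:", hop)
```

With the first table the packet for netB follows the default route to the Internet gateway, so it never reaches the tunnel endpoint regardless of whether the tunnel is up.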