Re: SBS2000 to router IPSEC



I'm not asking about the router, I'm asking about the Firewall (SonicWall).
What do you have on your end in front of your SBS?

Claus

"acon" <ezacon@xxxxxxxxxxx> wrote in message
news:e0Nj5%23zbGHA.3344@xxxxxxxxxxxxxxxxxxxxxxx
I don't know. The router is at a central office in another country, and its
configuration is the responsibility of the IT people in this office.
I must assume they know what they do, because they connect other countries'
branch offices with this router/firewall.
My job is to configure the SBS box here in a branch office with the data
provided by the central IT people.
According to the router log, they think that the problem is at the ISA server.
I have never configured an IPsec connection with IPsec policies, and I
don't even know how to monitor the negotiation process on the SBS side, or
monitor ISA activity in real time.
Another big doubt is where to create the IPsec policies. In a member
server, it should be done in the local policies MMC, but SBS is a domain
controller....


"cjobes" <cjobes@xxxxxxxxxxxxx> wrote in message
news:OXiw5czbGHA.628@xxxxxxxxxxxxxxxxxxxxxxx
Which SonicWall product are you using?

Claus

"acon" <ezacon@xxxxxxxxxxx> wrote in message
news:O9NIiLubGHA.5116@xxxxxxxxxxxxxxxxxxxxxxx
I need to connect an SBS2000 server and a SonicWall router with an IPSEC
tunnel.
I have configured the router, the IPSEC policies and ISA 2000, but the
tunnel does not come up.
The SBS server has 2 NIC adapters. One is connected to the local network
(192.168.1.0/24) and the other is connected to the Internet, through an ADSL
router configured as a bridge (the Internet static public address is
assigned to the external SBS server NIC).

Here is what I did:

In the secpol.msc MMC, in "IPsec local policies", I have created a new policy
with two IP filters:
One from remote LAN to local LAN, with the SBS public IP as endpoint.
Another from local LAN to remote LAN, with the SonicWall public address
as endpoint.
I have configured encryption and authentication (shared key for now).
In the TCP/IP advanced properties of the public NIC, I have selected to
use the created IPSEC policy.
In ISA Server, I have created two new IP filters:
One called ESP for protocol number 50 in both directions, applied to default
IP address interfaces, and from all remote sites.
The other called 500UDP for port 500 UDP, in both directions, from local
port 500 to remote port 500, default ip..., all remote sites...

I am not sure if tunnel negotiation is blocked by ISA. If I look in
"C:\program files\Microsoft ISA Server\ISALogs" I can see files named
WEBEXTD...log, FWSEXTD...log and IPPEXTD...log. The last entry in these
files is from several hours in the past. I don't know where I can
dynamically monitor the ISA Server activity, to look for blocked packets.

Another thing which I am not sure about is whether I have to create the IPsec
policy in secpol.mmc (local policies) or through a GPO, because the ISA
server is also a domain controller.

Does anybody have experience with IPsec stuff and SBS? I would appreciate
some more light on any of my doubts.

Thanks






