Re: SBS2000 to router IPSEC



In order to find more answers the people at the remote site need to look at
the SonicWall log files or email them to you. You also need to know what
IPSEC tunnel they created. Depending on the SW model there are some known
issues with Branch Office tunnels SW to SBS. Until we know more about the
configuration on the SW and see the logfiles there isn't much to go on.

Claus


"acon" <ezacon@xxxxxxxxxxx> wrote in message
news:u1PQS%237bGHA.864@xxxxxxxxxxxxxxxxxxxxxxx
Sorry, when I say router I mean firewall.
The WAN NIC of the SBS server is connected to an ADSL bridge, and the
Internet public (static) address is assigned to this NIC, so there is
nothing to configure between the SBS router and the Internet.

"cjobes" <cjobes@xxxxxxxxxxxxx> wrote in message
news:u7D43m4bGHA.4672@xxxxxxxxxxxxxxxxxxxxxxx
I'm not asking about the router, I'm asking about the Firewall
(SonicWall). What do you have on your end in front of your SBS?

Claus

"acon" <ezacon@xxxxxxxxxxx> wrote in message
news:e0Nj5%23zbGHA.3344@xxxxxxxxxxxxxxxxxxxxxxx
I don't know. The router is at a central office in another country, and
its configuration is the responsibility of the IT people in this office.
I must assume they know what they are doing, because they connect other
countries' branch offices with this router/firewall.
My job is to configure the SBS box here in a branch office with the data
provided by the central IT people.
According to the router log, they think that the problem is at the ISA
server.
I have never configured an IPsec connection with IPsec policies, and I
don't even know how to monitor the negotiation process on the SBS side,
or monitor ISA activity in real time.
Another big doubt is where to create the IPsec policies. On a member
server, it should be done in the local policies MMC, but SBS is a domain
controller....


"cjobes" <cjobes@xxxxxxxxxxxxx> wrote in message
news:OXiw5czbGHA.628@xxxxxxxxxxxxxxxxxxxxxxx
Which SonicWall product are you using?

Claus

"acon" <ezacon@xxxxxxxxxxx> wrote in message
news:O9NIiLubGHA.5116@xxxxxxxxxxxxxxxxxxxxxxx
I need to connect an SBS2000 server and a SonicWall router with an IPsec
tunnel.
I have configured the router, the IPsec policies and ISA 2000 but the
tunnel does not come up.
The SBS server has 2 NIC adapters. One to the local network
(192.168.1.0/24) and the other connected to the Internet, through an ADSL
router configured as a bridge (the Internet static public address is
assigned to the external SBS server NIC).

Here is what I did:

In the secpol.msc MMC, in "IPsec local policies", I have created a new
policy with two IP filters:
One from the remote LAN to the local LAN, with the SBS public IP as endpoint.
Another from the local LAN to the remote LAN, with the SonicWall public
address as endpoint.
I have configured encryption and authentication (shared key for now).
In the TCP/IP advanced properties of the public NIC, I have selected to
use the created IPsec policy.
In ISA Server, I have created two new IP filters:
One called ESP for protocol number 50 in both directions, applied to
default IP address interfaces, and from all remote sites.
The other called 500UDP for port 500 UDP, in both directions, from
local port 500 to remote port 500, default ip..., all remote sites...

I am not sure if tunnel negotiation is blocked by ISA. If I look in
"C:\program files\Microsoft ISA Server\ISALogs" I can see files named
WEBEXTD...log, FWSEXTD...log and IPPEXTD...log. The last entry in
these files is from several hours in the past. I don't know where I
can dynamically monitor the ISA server activity, to look for blocked
packets.

Another thing which I am not sure about is whether I have to create the IPsec
policy in secpol.mmc (local policies) or through a GPO, because the
ISA server is also a domain controller.

Does anybody have experience with IPsec stuff and SBS? I would appreciate
some more light on any of my doubts.

Thanks
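
The two ISA IP filters described in the original post, checked against the traffic a plain IKE/ESP tunnel needs. This is an added example, not part of the thread: the rule model, the class and function names and the sample rule sets are constructed for illustration and do not reproduce ISA Server's filter engine.

```python
from dataclasses import dataclass
from typing import Optional

UDP, ESP = 17, 50  # IP protocol numbers; ESP is a protocol, not a port

@dataclass(frozen=True)
class Rule:                      # hypothetical model of one allow filter
    name: str
    proto: int
    local_port: Optional[int] = None    # None = any / not applicable
    remote_port: Optional[int] = None
    directions: frozenset = frozenset({"in", "out"})

@dataclass(frozen=True)
class Flow:                      # one kind of packet seen on the external NIC
    label: str
    proto: int
    direction: str
    local_port: Optional[int] = None
    remote_port: Optional[int] = None

# What a tunnel without NAT traversal needs: IKE on UDP 500 and ESP, both ways.
REQUIRED = [
    Flow("IKE out", UDP, "out", 500, 500),
    Flow("IKE in", UDP, "in", 500, 500),
    Flow("ESP out", ESP, "out"),
    Flow("ESP in", ESP, "in"),
]

def matching_rule(flow, rules):
    """Return the name of the first rule that allows the flow, else None."""
    for r in rules:
        if (r.proto == flow.proto and flow.direction in r.directions
                and r.local_port in (None, flow.local_port)
                and r.remote_port in (None, flow.remote_port)):
            return r.name
    return None

def missing_flows(rules):
    """Labels of required flows that no rule allows."""
    return [f.label for f in REQUIRED if matching_rule(f, rules) is None]

# Constructed rule sets: the post's two filters, then two common mistakes.
AS_POSTED = [Rule("ESP", ESP), Rule("500UDP", UDP, 500, 500)]
PORT_50 = [Rule("ESP-as-port", UDP, 50, 50), Rule("500UDP", UDP, 500, 500)]
OUT_ONLY = [Rule("ESP", ESP), Rule("500UDP", UDP, 500, 500, frozenset({"out"}))]

if __name__ == "__main__":
    for name, rules in [("as posted", AS_POSTED), ("port 50", PORT_50), ("out only", OUT_ONLY)]:
        print(name, "->", missing_flows(rules) or "all required flows allowed")
```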










