IPSec question

Discussion in 'Server Networking' started by Alex, Dec 23, 2003.

  1. Alex

    Alex Guest

    Hi

    I've got an XP box (NAT-T update installed) behind NAT
    (FreeBSD 4.8) and am trying to establish an IPSec session
    with a Win2003 Server (WinXP-->NAT-->Win2003). It seems that
    the SA is established (according to the event log and IPSec
    monitor) but no application-level protocol (RDP, SMB) works.
    Any suggestions?

    Thanks in advance.
    Alex
     
    Alex, Dec 23, 2003
    #1

  2. What is the IPSec policy in place? What are its settings?

    Laura
     
    Laura A. Robinson [MVP], Dec 23, 2003
    #2

  3. Alex

    Alex Guest

    The config is

    winxp-->nat-->...-->win2003

    and the only NAT (a dynamic one, or PAT) is doing port (and
    UDP address) translation, and there is no other NAT before
    win2003.
    A UDP-encapsulated ESP packet from winxp comes to the NAT
    (PAT), the address is changed to the external one and the
    UDP port is changed to another (external) port, and the
    packet goes out (to win2003); then the reply comes back to
    that socket and the NAT performs reverse translation,
    sending the packet back to winxp.

    winxp ipsec policy: server(request security)
    win2003 ipsec policy: secure server (require security)
    sa: preshared key, 3des, sha1 (main mode)

    Without NAT it's working fine.
    With NAT, ISAKMP SA establishment is OK (according to IPSec
    monitor and the event log) but the application level doesn't
    work.

    Alex
     
    Alex, Dec 24, 2003
    #3
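
An added example, not part of the thread: one way to check from a client-side capture whether UDP-encapsulated ESP actually flows in both directions once the SA is up. It assumes RFC 3948 framing on UDP port 4500 (non-ESP marker before IKE, one-byte keepalive); the function names and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter

NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: four zero bytes precede IKE on UDP 4500

def classify(payload: bytes) -> str:
    """Classify the UDP payload of one port-4500 datagram (RFC 3948 framing)."""
    if payload == b"\xff":
        return "nat-keepalive"          # single 0xFF byte keeps the NAT mapping alive
    if len(payload) < 8:
        return "malformed"              # too short for marker+IKE or an ESP header
    if payload[:4] == NON_ESP_MARKER:
        return "ike"                    # ISAKMP message behind the non-ESP marker
    return "esp"                        # non-zero first word is the ESP SPI

def esp_header(payload: bytes):
    """Return (SPI, sequence number) of a UDP-encapsulated ESP packet."""
    return struct.unpack("!II", payload[:8])

def diagnose(packets) -> str:
    """packets: (direction, payload) pairs seen at the client; direction is 'out' or 'in'."""
    seen = Counter((d, classify(p)) for d, p in packets)
    out_esp, in_esp = seen[("out", "esp")], seen[("in", "esp")]
    if out_esp and in_esp:
        return "esp-both-ways"          # tunnel carries data; look above IPSec
    if out_esp:
        return "esp-outbound-only"      # protected traffic leaves, nothing returns
    if in_esp:
        return "esp-inbound-only"
    if seen[("out", "ike")] or seen[("in", "ike")]:
        return "ike-only"               # SA negotiated, no protected traffic seen
    return "no-ipsec-traffic"

# Constructed sample capture (not from the thread): IKE in both directions,
# then ESP and a keepalive leaving the client with nothing protected coming back.
SAMPLE = [
    ("out", NON_ESP_MARKER + bytes(28)),
    ("in",  NON_ESP_MARKER + bytes(28)),
    ("out", struct.pack("!II", 0x1A2B3C4D, 1) + bytes(16)),
    ("out", struct.pack("!II", 0x1A2B3C4D, 2) + bytes(16)),
    ("out", b"\xff"),
]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

Running the same classification on captures taken on both sides of the NAT shows on which segment the ESP-in-UDP packets stop.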