W2K3 IPSEC to VPN3000 configuration

Unanswered Question
Apr 4th, 2007

Our client connects to our VPN3000 server via a W2K3 server, used to setup a L2L tunnel. For years he has only had to talk to one server on our side. Recently, we added a server, meaning I had to add a network list in the 3000 for 2 addresses and he had to create an additional rule on the W2K3 server. We have had problems since those changes were made. Right now as a work around, my side has not changed (2 addresses in network list), but he is having to change 1 rule on his side everytime he wants to access the other server. When he has rules in for both servers it will sometimes work, other times only one server will work, other times none will work. Has anyone ever seen a problem like this? It seems to be something in the rules he has setup but I don't know enough about the windows rules, does anyone have any documentation on setting up ipsec rules in 2003 server?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
vkapoor5 Tue, 04/10/2007 - 10:15

Windows Server 2003 supports IPSec tunneling for situations where both tunnel endpoints have static IP addresses. This is primarily useful in gateway-to-gateway implementations. However, it may also work for specialized network security scenarios between a gateway or router and a server. (For example, a Windows Server 2003 router that routes traffic from its external interface to an internal Windows Server 2003-based computer that secures the internal path by establishing an IPSec tunnel to the internal server that provides services to the external clients).

Windows Server 2003 IPSec tunneling is not supported for client remote access VPN use because the Internet Engineering Task Force (IETF) IPSec Requests for Comments (RFCs) do not currently provide a remote access solution in the Internet Key Exchange (IKE) protocol for client-to-gateway connections. IETF RFC 2661, Layer Two Tunneling Protocol "L2TP," was specifically developed by Cisco, Microsoft, and others to provide client remote access VPN connections. In Windows Server 2003, client remote access VPN connections are protected using an automatically generated IPSec policy that uses IPSec transport mode (not tunnel mode) when the L2TP tunnel type is selected.

You can try this link for configuring the ipsec in 2003 server

http://support.microsoft.com/kb/816514

Actions

This Discussion