Has anybody successfully created a LAN-to-LAN IPsec VPN between a PIX and a Win2k server? I have followed the documents on the Cisco site and the Microsoft site many times, but it still doesn't work. Here are some of my questions:
1. If Win2k is an Internet gateway, I should use NAT. But how can I do "no NAT" in Win2k, just like in PIX, when dealing with IPsec traffic?
2. When I ping from the PIX LAN to the Win2k LAN, an SA is established successfully but the ping packet never returns. When I ping from the Win2k LAN to the PIX LAN, no SA is established. Is there any problem with the IPsec filter policy?
3. I started Network Monitor on the Win2k server, and when I ping from the Win2k LAN to the PIX LAN, the server log says the PIX LAN is unreachable. I suppose this message means that IPsec is not protecting that traffic.
4. Is there any detailed guideline on how to implement this kind of VPN? I only got some from the MS and Cisco sites.
My question may relate more to Win2k than to Cisco. However, I find more professionals/experts here than on the Microsoft site, so I put it here. :>
Thanks very much.
Edwin