Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

W2K3 IPSEC to VPN3000 configuration

Our client connects to our VPN3000 server via a W2K3 server, used to setup a L2L tunnel. For years he has only had to talk to one server on our side. Recently, we added a server, meaning I had to add a network list in the 3000 for 2 addresses and he had to create an additional rule on the W2K3 server. We have had problems since those changes were made. Right now as a work around, my side has not changed (2 addresses in network list), but he is having to change 1 rule on his side everytime he wants to access the other server. When he has rules in for both servers it will sometimes work, other times only one server will work, other times none will work. Has anyone ever seen a problem like this? It seems to be something in the rules he has setup but I don't know enough about the windows rules, does anyone have any documentation on setting up ipsec rules in 2003 server?


Re: W2K3 IPSEC to VPN3000 configuration

Windows Server 2003 supports IPSec tunneling for situations where both tunnel endpoints have static IP addresses. This is primarily useful in gateway-to-gateway implementations. However, it may also work for specialized network security scenarios between a gateway or router and a server. (For example, a Windows Server 2003 router that routes traffic from its external interface to an internal Windows Server 2003-based computer that secures the internal path by establishing an IPSec tunnel to the internal server that provides services to the external clients).

Windows Server 2003 IPSec tunneling is not supported for client remote access VPN use because the Internet Engineering Task Force (IETF) IPSec Requests for Comments (RFCs) do not currently provide a remote access solution in the Internet Key Exchange (IKE) protocol for client-to-gateway connections. IETF RFC 2661, Layer Two Tunneling Protocol "L2TP," was specifically developed by Cisco, Microsoft, and others to provide client remote access VPN connections. In Windows Server 2003, client remote access VPN connections are protected using an automatically generated IPSec policy that uses IPSec transport mode (not tunnel mode) when the L2TP tunnel type is selected.

You can try this link for configuring the ipsec in 2003 server