| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] Any IPSEC/IKE VPN Gurus on this list? HELP!!!
I am trying to get an IPSEC tunnel setup between a Windows2000 server and FW-1.
The W2k server is not acting as a gateway, its more like a client/host.
I just want to secure packets between that W2k server and anything on the inside of my FW-1.
So far, I think I have pulled just about ALL my hair out.
1) Windows2000 does not support Manual IPSEC, you have to use IKE, Kerberos or a CA.
This means I have to use IKE in this particular case.
2) I get my initial IKE phase-1/mainmode transfer but it never can agree on anything, I
always get a rejected "proposal" or I get "no response from peer".
3) I install the Microsoft "Support Tools" so I can run "netdiag /test:IPSEC" and all I get is
an error message "[fatal] failed to get system information of this machine".
I have installed and run this damn tool on FOUR W2k servers and not one of them does it work.
Is it possible that Windows2000 SP1 broke this tool? (wouldn't be the first time a ServicePack
broke usefull resource kit tools.....)
Does anyone that has succesfully done this have any usefull insights?
I am pouring over Microsoft literature and I keep reading stuff like "Windows 2000 IPSec tunneling is
not supported for client VPN use because the IETF IPSec RFCs do not currently support a remote
access solution in the IKE protocol for client-to-gateway connections."
This sounds alot like what I am trying to do since my W2k box is not acting as a gateway.
It's got a single IP address on it and that is what I am trying to tunnel with.
Suggestions?
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
