IPSec between Windows 2000 SBS and FVS318

Status
Not open for further replies.

sportess

MIS
Aug 7, 2003
2
CA
I am trying to configure a tunnel between a Windows 2000 SBS server running ISA and RRAS and a NetGear FVS318 Router.

I am having the FVS318 indicate an "Active" connection but I am not detecting anything at the Windows 2000 SBS end. I cannot ping any internal addresses and nothing is coming up in ipsecmon.

What routes should I have set at each end? Am I missing something?...
 
I am having a similar problem. I am using two FVS318 boxes and they are talking fine, but I cannot get past my SBS 2000 server to access the resources at our Main office. If you get some information, please share...

Good Luck,
Paul
 
Make sure that the network addresses on the two ends are different. Assuming you are using a subnet mask of 255.255.255.0, you could use 192.168.1.xxx on one end and 192.168.2.xxx on the other. You can't use 192.168.1.xxx on both ends.

Each side of the VPN will need a route to the other side. Assuming the network addresses above, the computers on the SBS side will need a route to the other network with the SBS server as the gateway. The RRAS will need a route to the other network with the VPN connection as the gateway.

On the NETGEAR side, the computers will need a route to the SBS network address with the address of the NETGEAR as the gateway. The FVS318 may also need to be configured with routing information, but I haven't dealt with one of those so I'm not sure of the specifics. It might be able to figure out the routing on its own.

In case you need more help . . .

What happens when you try to ping -- what is the specific error you receive?

Try 'tracert xxx.xxx.xxx.xxx' replacing the xxx.xxx.xxx.xxx with an ip from the other side of the VPN -- just like ping. Again, report your results.
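
An added example (not part of the original posts): a small Python check of the addressing and routing rules described in the reply above. The gateway LAN addresses (192.168.1.1, 192.168.2.1) and the overlapping 10.0.x.x plan are constructed values, and the generated commands use the Windows `route add` syntax.

```python
import ipaddress


def route_cmd(dest, gateway):
    # Windows syntax: route add <network> mask <netmask> <gateway>
    return f"route add {dest.network_address} mask {dest.netmask} {gateway}"


def plan_routes(net_a, gw_a, net_b, gw_b):
    """Check a two-site address plan and return the route each LAN needs.

    net_a / net_b: "network/mask" for each side of the tunnel.
    gw_a / gw_b:   LAN address of each side's VPN gateway (assumed values).
    Raises ValueError if the plan cannot be routed.
    """
    # strict=True rejects a "network" address that has host bits set.
    a = ipaddress.ip_network(net_a, strict=True)
    b = ipaddress.ip_network(net_b, strict=True)

    # Overlap covers identical networks and one range containing the other.
    # Hosts would treat the remote addresses as local and never use a gateway.
    if a.overlaps(b):
        raise ValueError(f"{a} and {b} overlap; renumber one side")

    # Each gateway must be reachable on its own LAN to be usable as a next hop.
    for gw, net in ((gw_a, a), (gw_b, b)):
        if ipaddress.ip_address(gw) not in net:
            raise ValueError(f"gateway {gw} is not on {net}")

    # Hosts on each side send traffic for the other network to their own gateway.
    return {str(a): route_cmd(b, gw_a), str(b): route_cmd(a, gw_b)}


if __name__ == "__main__":
    # Constructed sample plans: the first follows the reply's example networks.
    plans = [
        ("192.168.1.0/255.255.255.0", "192.168.1.1",
         "192.168.2.0/255.255.255.0", "192.168.2.1"),
        ("10.0.0.0/255.255.0.0", "10.0.0.1",
         "10.0.14.0/255.255.255.0", "10.0.14.1"),  # /24 sits inside the /16
    ]
    for plan in plans:
        try:
            for lan, cmd in plan_routes(*plan).items():
                print(f"hosts on {lan}: {cmd}")
        except ValueError as err:
            print(f"invalid plan: {err}")
```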
 
I am trying to configure a network - network connection between a Windows SBS server and a Netgear FVS318 Router.

I have created an IPSEC Policy on the SBS Server that consists of the following.

NetA(Main Office) - NetB(Branch Office)

Filter Properties:
Source:
IP - 10.0.0.0
Subnet - 255.255.0.0
Destination:
IP - 10.1.14.0
Subnet - 255.255.255.0
(No Mirroring)
Protocol: Any

Filter Action:
Negotiate Security
Data Integrity and Encryption: 3DES, SHA1
Generate New Key: 3600 seconds
Session Key Perfect Forward Secrecy: Enabled

Authentication Method:
Preshared Key

Tunnel Setting:
The tunnel endpoint is specified by this IP address:
Internet IP of Branch Office (Netgear FVS318 Router)

Connection Type:
All


The policy is assigned and if I check using GPResult the policy is assigned to the SBS server and using NETDIAG it displays the filters.

I have gone into RRAS and created a static route that has the interface as the Internet IP of the main office, the destination is the internal network ID (10.1.14.0) and the gateway is the Remote office internet IP.

I have configured the Netgear Router where it is indicating the connection as active but nothing is coming up on Windows 2000 SBS Server. I cannot ping either way, and ipsecmon is not displaying a policy name.


 
Hi,

Although KB 252735 indicates that W2K can set up IPSEC tunnels with third party devices iaw the RFC, this is for RRAS only.

KB 314764 notes that IPSEC tunnels are not possible if ISA server is being used as the endpoint; it changes the TCP/IP and IPSEC policy rules mechanisms. It may get fixed in a future ISA Service Pack.

Cheers
 