Vista IPSEC tunnel - Network

This is a discussion on Vista IPSEC tunnel - Network ; Has anyone successfully created a tunnel configuration with Vista native IPSEC? I try to create a roadwarrior ipsec policy per MMC and the IPSEC policy plugin or per "netsh ipsec static": me - ... - gateway - net I created ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Vista IPSEC tunnel

  1. Vista IPSEC tunnel

    Has anyone successfully created a tunnel configuration with Vista
    native IPSEC?

    I try to create a roadwarrior ipsec policy per MMC and the IPSEC
    policy plugin or per "netsh ipsec static":

    me - ... - gateway - net

    I created a filterlist for each direction, with "gateway" respectively
    "me" as tunnel endpoint.
    I attached an ESP filteraction to both directions.

    But nothing happens, all "netsh ipsec dynamic" counters stay at zero,
    unencrypted packets are sent out.

    The same configuration works fine with XP.
    Is only the transport mode any longer supported in Vista, but
    forgotten to remove from the GUI or is there some trick or is it a
    Vista bug?

    Thank you
    Daniel


  2. RE: Vista IPSEC tunnel

    I would try with the last Vista SP1 build.

    "db@facton.com" wrote:

    > Has anyone successfully created a tunnel configuration with Vista
    > native IPSEC?
    >
    > I try to create a roadwarrior ipsec policy per MMC and the IPSEC
    > policy plugin or per "netsh ipsec static":
    >
    > me - ... - gateway - net
    >
    > I created a filterlist for each direction, with "gateway" respectively
    > "me" as tunnel endpoint.
    > I attached an ESP filteraction to both directions.
    >
    > But nothing happens, all "netsh ipsec dynamic" counters stay at zero,
    > unencrypted packets are sent out.
    >
    > The same configuration works fine with XP.
    > Is only the transport mode any longer supported in Vista, but
    > forgotten to remove from the GUI or is there some trick or is it a
    > Vista bug?
    >
    > Thank you
    > Daniel
    >
    >


  3. Re: Vista IPSEC tunnel

    I tried the SP1 beta build 16659, but the same behavior.

    For me a dilemma of bad options:

    1. using the legacy "netsh ipsec" doesn't seem to create working
    tunnel configurations.

    2. using (the working) "netsh advfirewall consec" does enforce AuthIP
    auth even when the peer doesn't support it and fails that's why.

    Daniel

    On 30 Okt., 20:09, Bill wrote:
    > I would try with the lastVistaSP1 build.
    >
    > "d...@facton.com" wrote:
    > > Has anyone successfully created a tunnel configuration withVista
    > > nativeIPSEC?



  4. Re: Vista IPSEC tunnel

    Good news!

    I tried the current beta v652 and "netsh advfirewall" doesn't require
    AuthIP any longer and connects successful per computer cert!
    "netsh ipsec" still fails, but who cares, maybe dropped silently by
    MS?

    Thank you Bill for your advice!

    Daniel

    On 6 Nov., 19:35, d...@facton.com wrote:
    > I tried the SP1 beta build 16659, but the same behavior.
    >
    > On 30 Okt., 20:09, Bill wrote:
    >
    >
    >
    > > I would try with the lastVistaSP1 build.

    >
    > > "d...@facton.com" wrote:
    > > > Has anyone successfully created a tunnel configuration withVista
    > > > nativeIPSEC?- Zitierten Text ausblenden -

    >
    > - Zitierten Text anzeigen -




  5. Re: Vista IPSEC tunnel

    Using the current v652 beta of the SP1 "netsh advfirewall" works,
    Vista doesn't enforce AuthIP any longer!
    I can connect successfully.

    Thank you for your Advice, Bill!

    Daniel

    On 6 Nov., 19:35, d...@facton.com wrote:
    > I tried the SP1 beta build 16659, but the same behavior.
    >
    > On 30 Okt., 20:09, Bill wrote:
    >
    > > I would try with the lastVistaSP1 build.

    >
    > > "d...@facton.com" wrote:
    > > > Has anyone successfully created a tunnel configuration withVista
    > > > nativeIPSEC?



+ Reply to Thread