Hi all,

I've got a strange problem with an IPsec connection between Win2003SBS and
WinXPsp2.
We have SQL Server running on Win2003. I try to set up an IPsec connection to
this server from a remote site.

Network topology is as follows:

SQL Server --- Linux firewall/router --- DSL modem/NAT --- Internet ---
FreeBSD firewall/NAT --- WinXPsp2 client.

On the XP clients I have the AssumeUDPEncapsulationContextOnSendRule registry
key with a value of 2.

Most of the clients from the same subnet can connect successfully to SQL. But
there is one with that strange problem. The SA is established OK; IP Security
Monitor shows security associations in both Main and Quick mode. There is
nothing suspicious in oakley.log. When I try to telnet to the SQL server's
port 1433, the connection times out. On the SQL Server I see a connection
attempt from that problematic client, but the TCP state shows SYN_RECEIVED.

So, as I understand, packets can get from client to server but can't go back.

Certificates are used for authentication, but it seems that all is OK with
authentication.

Maybe someone has experienced the same problem. Thanks.

Rimantas