NLB and Clustering connection over ipsec problems - Network


  1. NLB and Clustering connection over ipsec problems

    Hi.

    I currently have two frontend Exchange 2003 servers configured with NLB in a
    perimeter network which connect to a Backend Cluster and a separate DC
    through a WatchGuard Firewall.

    I have set up to allow the correct ports through the firewall.

    I can connect between everything fine.
    I have set up an IPsec policy (W2K3 GPO) so that all traffic from the
    frontend uses IPsec to connect to the backend and DC and vice versa, and all
    traffic connects from the Backend to the DC using IPsec and vice versa.
    All other traffic is unencrypted.

    I am using pre-shared keys and 3DES SHA1.

    I have just set the ipsec to work and this happens

    FE1

    Can ping both NICs on FE2
    Can ping the DC
    Can ping all NICs on the BE Cluster

    FE2

    Can ping both NICs on FE1
    Can't ping the DC
    Can ping all NICs on the BE Cluster except the Cluster IP (just negotiated)

    BE Cluster

    Can ping the DC
    Can't ping any NICs on FE1
    Can ping one NIC on FE2 but not the cluster NIC.

    DC

    Can ping all NICs on the BE Cluster
    Can ping one NIC on FE1 but not the Cluster NIC
    Can't ping any NICs on FE2

    When I try to ping, I just get "negotiating" instead of a reply for all the
    IPs I can't ping.

    Is it because IPsec isn't negotiating quickly enough?

    Any help would be gratefully received.

    Cheers

    James



  2. Re: NLB and Clustering connection over ipsec problems

    Try this link with some IPSec Troubleshooting tips

    http://technet2.microsoft.com/Window....mspx?mfr=true


    "James Hill" wrote in message
    news:%23EprvKM3GHA.4164@TK2MSFTNGP05.phx.gbl...
    > Hi.
    >
    > I currently have two frontend Exchange 2003 servers configured with NLB in
    > a perimeter network which connect to a Backend Cluster and a separate DC
    > through a WatchGuard Firewall.
    >
    > I have set up to allow the correct ports through the firewall.
    >
    > I can connect between everything fine.
    > I have set up an IPsec policy (W2K3 GPO) so that all traffic from the
    > frontend uses IPsec to connect to the backend and DC and vice versa, and
    > all traffic connects from the Backend to the DC using IPsec and vice
    > versa.
    > All other traffic is unencrypted.
    >
    > I am using pre-shared keys and 3DES SHA1.
    >
    > I have just set the ipsec to work and this happens
    >
    > FE1
    >
    > Can ping both NICs on FE2
    > Can ping the DC
    > Can ping all NICs on the BE Cluster
    >
    > FE2
    >
    > Can ping both NICs on FE1
    > Can't ping the DC
    > Can ping all NICs on the BE Cluster except the Cluster IP (just negotiated)
    >
    > BE Cluster
    >
    > Can ping the DC
    > Can't ping any NICs on FE1
    > Can ping one NIC on FE2 but not the cluster NIC.
    >
    > DC
    >
    > Can ping all NICs on the BE Cluster
    > Can ping one NIC on FE1 but not the Cluster NIC
    > Can't ping any NICs on FE2
    >
    > When I try to ping, I just get "negotiating" instead of a reply for all the
    > IPs I can't ping.
    >
    > Is it because IPsec isn't negotiating quickly enough?
    >
    > Any help would be gratefully received.
    >
    > Cheers
    >
    > James
    >
    >
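
A diagnostic pass for the "negotiating" symptom described in this thread, as an added example that is not part of either post: a batch script to run on each of the four hosts so the assigned policy, filters and security associations can be compared side by side. The script file name and the peer addresses passed on the command line are assumptions supplied by the operator; none come from the thread.

```batch
@echo off
rem Added example: collect IPsec state on one Windows Server 2003 host.
rem Usage (hypothetical file name): ipsec-diag.cmd <peer-ip> [<peer-ip> ...]
rem Peer addresses are operator-supplied placeholders, not values from the thread.
setlocal
set OUT=%TEMP%\ipsec-diag-%COMPUTERNAME%.txt

echo ==== Policy assigned to this host by GPO ==== > "%OUT%"
netsh ipsec static show gpoassignedpolicy >> "%OUT%"

rem Turn on IKE tracing; the trace goes to %systemroot%\Debug\Oakley.log
netsh ipsec dynamic set config ikelogging 1 >> "%OUT%"

rem Ping every peer given on the command line to trigger negotiation
:nextpeer
if "%~1"=="" goto dump
echo ==== ping %~1 ==== >> "%OUT%"
ping -n 4 %~1 >> "%OUT%"
shift
goto nextpeer

:dump
echo ==== Main mode filters and SAs ==== >> "%OUT%"
netsh ipsec dynamic show mmfilter all >> "%OUT%"
netsh ipsec dynamic show mmsas all >> "%OUT%"

echo ==== Quick mode filters and SAs ==== >> "%OUT%"
netsh ipsec dynamic show qmfilter all >> "%OUT%"
netsh ipsec dynamic show qmsas all >> "%OUT%"

echo ==== IKE and IPsec counters ==== >> "%OUT%"
netsh ipsec dynamic show stats >> "%OUT%"

rem Turn IKE tracing off again
netsh ipsec dynamic set config ikelogging 0 >> "%OUT%"
echo Report written to %OUT%
endlocal
```

A peer that stays at "negotiating" with no main mode SA listed for it means IKE itself is not completing between that pair (pre-shared key mismatch, or UDP 500 not passing the firewall). A main mode SA with no matching quick mode SA points instead at the filters or filter actions differing between the two ends.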



