Firewall Wizards mailing list archives
Re: ipsec communications with windows server
From: Jeremy C Russell <JeremyRussell () pplsi com>
Date: Tue, 19 Feb 2008 12:43:32 -0600
Are you sure that the router quits sending messages, or is the windows machine just not logging them... I would believe its a stack issue on the windows box and when you run a *networked* app, it resets a buffer or something to that affect.. I would make sure it is the router and not the windows box. Jeremy Russell Senior Unix Systems Administrator Pre-Paid Legal Services, INC. 580.272.2834 "shadow floating" <nadengine@google mail.com> To Sent by: "Firewall Wizards Security Mailing firewall-wizards- List" bounces@listserv. <firewall-wizards@listserv.icsalabs icsalabs.com .com> cc 02/19/2008 11:31 Subject AM Re: [fw-wiz] ipsec communications with windows server Please respond to Firewall Wizards Security Mailing List <firewall-wizards @listserv.icsalab s.com> hi guys i managed to get it up between the windows server and the cisco router with alittle problem, first the configuration of the devices: config of router: ip:10.0.0.1 IKE:HMAC-SHA1,DH2,preshared IPSec:transparent ESP-3DES-SHA1 DPD: 10 sec acl of interesting traffic: access-list 100 permit ip 10.0.0.1 10.0.0.2 accessl-list 100 permit ip 10.0.0.2 10.0.0.2 other functions of router: NAT, stateful Inspection firewall config of windows ip:10.0.0.2 IKE:HMAC-SHA1,DH2,preshared IPSec:transparent ESP-3DES-SHA1 acl: any ip from 10.0.0.2 to 10.0.0.1 (mirrored) services on windows: syslog server installed 10.0.0.1 is also the gateway for the management machine so all traffic from the windows machine to the internet must pass first through that router it all worked fine except for one thing...after variable amount of time the router seems not to be sending logs to the syslog server on the windows machine until it first recieves packets from from the windowshost...these packets could be a a dns request routed by router to external dns.... in other words i keep recieving logs from the router to the syslog server for say 8 hours...then i recieve nothing....if i started windows update for example on the windows machine , the routers start again sending syslog messages as "inspection rule allowed outbound dns from 10.0.0.2"..and keep recieving syslog messages for a about 10 hours..and then stop recieving any syslog messages...and same thing happens again and again...the time is not fixed but never got more than 1 day of continous syslog messages recieving does anyone have any suggestions? thanks alot regards, Nad On Feb 10, 2008 7:25 PM, Brett Cunningham <cssniper22 () gmail com> wrote:
What's the config on the router? Do you have xauth and config-mode
disabled?
On 2/10/08, shadow floating <nadengine () googlemail com> wrote:Hi list, i've been trying to get an IPSec communication channel to work between a cisco 2811 router IOS 12.4 and a windows server that have ipsec capabilities, have anyone tried this before and worked? i want to have a secure communication between the windows management host and the router via ipsec vpn the ike phase one seems to be ok as but the quick mode always fails though the same parameters are configured on both sides for a trasparent mode vpn any hints? thanks alot regards Nad_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards --------------------------------------------------------------------------- Confidentiality Note: This email and any attachment to it is confidential and protected by law and intended for the use of the individual(s) or entity named on the email. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination or distribution of this communication is prohibited. If you have received this communication in error, please notify the sender via return email and delete it completely from your email system. If you have printed a copy of the email, please destroy it immediately. Thank you --------------------------------------------------------------------------- _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- ipsec communications with windows server shadow floating (Feb 10)
- Re: ipsec communications with windows server Brett Cunningham (Feb 11)
- Re: ipsec communications with windows server shadow floating (Feb 19)
- Re: ipsec communications with windows server Jeremy C Russell (Feb 19)
- Re: ipsec communications with windows server shadow floating (Feb 19)
- Re: ipsec communications with windows server Christopher J. Wargaski (Feb 11)
- Re: ipsec communications with windows server Brett Cunningham (Feb 11)