IPSec
Can IPSEC be configured between two computers via Internet
Can't ping remote computer even though the Linksys router displays "Connect"
Causes: 1. Incorrect Secure Group settings.

How many IPSec tunnels the BEFVP41 supports
Most Linksys routers support only one IPSec connection at any given time. However, the router allows up to 70 IPSec tunnels to pass through it.

How to set up the Windows IPSec client
To set up the Windows IPSec client on w2k/xp, run MMC and add IPSec Security Policies. Right-click on it to create a new IP filter. Make sure both server and client have the same settings, such as IP subnet, tunnel IP and authentication methods. For consulting service, contact a consultant. For consultants, refer to IPSec issue page.

Symptom: you set up IPSec to connect two LANs and the computers can ping each other by IP but not by name.
Cause: You have a name resolution issue. Check the DNS and WINS settings. For consultants, refer to case 110704RL.

IPSec PolicyAgent Service couldn't be started - Event ID 319
Cause: a third-party policy is running. For consultants, please refer to TK082004.

Flags are outbound only on IPSec Tunnels
Symptoms: When using the netdiag /test:ipsec /debug command to test IPSec settings on w2k/xp, you may get two outbound flags instead of one inbound and one outbound.
Resolution: make sure you enter the correct endpoint for the tunnels.

How to use Ipsecmon to view the policies of IPSec/L2TP
With an IPSec/L2TP connection, you can use the Ipsecmon utility to view the policies that are in effect. For example, you may see items similar to the following sample output for a default L2TP/IPSec connection (client-to-server or server-to-server): Policy name: L2TP Rule

How to use Netdiag to view the policies of IPSec/L2TP
Without an active IPSec/L2TP connection, you can use netdiag to view the policy of IPSec/L2TP, for example, netdiag /test:ipsec /debug.
Note: The Netdiag tool is available after installing the Windows Support Tools package. This package is located in the Support\Tools folder on the Windows CD-ROM. After you install this package, Netdiag is located in the Program Files\Support Tools folder.

Negotiating IP Security and never receive Reply
Symptom: After creating an IPSec policy, you may receive "Negotiating IP Security" when you ping the remote computer's IP, and you never receive the reply.
Cause: 1. Incorrect Tunnel Settings. For consultants, refer to 101404RL.

Other computers can't ping remote computers
Symptom: after creating a site-to-site IPSec connection, you can ping the remote computers from the IPSec-enabled computer but not from other computers.
Resolution: add the routes for accessing the remote computers to the routing table. For consultants, refer to 101404RL.

The ports that need to be open for IPSec
IP protocols 50 and 51, and UDP port 500.

Time out when using ping command
Symptom 1: You have the correct Windows IPSec client setup and you can ping the remote IP of the VPN without the Cisco PIX Firewall. But if your computer is behind the PIX, you get a time out when attempting to ping the remote IP of the VPN.
Cause 1: the PIX may have the same IP pool as the IP subnet of the remote VPN.
Symptom 2: You are accessing a VPN and are assigned 192.168.1.2. You get a time out when attempting to ping the remote computer with the IPSec client setup.
Cause 2: The IPSec is using the same IP range as 192.168.1.0. Un-assigning the IP filter will disable IPSec.
Symptom 3: After creating the IPSec policy, you receive a time out when you ping the remote computer.
Cause 3: Incorrect IP Filter List or other IPSec settings. For consultants, refer to 101404RL.

Troubleshooting IPSec
1. Audit Policy: To troubleshoot IPSec when it does not behave the way that you expect it to, first check the results of the Phase One and Phase Two exchanges by enabling Audit Policy, which causes security events to be logged in the security log of the Event Viewer.
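
The address-overlap causes listed under "Time out when using ping command" (Cause 1 and Cause 2) can be checked before the policy is assigned. The following is an added example, not part of the original page: it compares the remote subnet in the IPSec filter with the address ranges in use on the local side and reports the shared block. The function name, the labels, the subnet masks and the 10.10.0.0/24 LAN are assumptions made for illustration.

```python
import ipaddress


def filter_conflicts(remote_subnet, local_ranges):
    """Map each local range that collides with the IPSec filter's remote
    subnet to the shared address block (as a CIDR string)."""
    remote = ipaddress.ip_network(remote_subnet, strict=False)
    conflicts = {}
    for label, cidr in local_ranges.items():
        # strict=False accepts host-style input such as 192.168.1.2/24
        local = ipaddress.ip_network(cidr, strict=False)
        if local.version != remote.version:
            continue  # IPv4 and IPv6 ranges cannot collide
        if local.overlaps(remote):
            # Two CIDR blocks overlap only when one contains the other,
            # so the shared block is the one with the longer prefix.
            shared = local if local.prefixlen >= remote.prefixlen else remote
            conflicts[label] = str(shared)
    return conflicts


# Constructed sample. Only 192.168.1.0 and 192.168.1.2 appear on the page;
# the /24 and /25 masks, the 10.10.0.0/24 LAN and the labels are assumptions.
REMOTE_SUBNET = "192.168.1.0/24"
LOCAL_RANGES = {
    "local_lan": "10.10.0.0/24",
    "pix_ip_pool": "192.168.1.0/25",        # the situation in Cause 1
    "vpn_assigned_address": "192.168.1.2",  # the situation in Cause 2
}

if __name__ == "__main__":
    found = filter_conflicts(REMOTE_SUBNET, LOCAL_RANGES)
    for label, shared in found.items():
        print(f"{label} collides with {REMOTE_SUBNET}: shared block {shared}")
    if not found:
        print("no overlap between local ranges and the remote subnet")
```

Any label it reports is a range where traffic meant for the remote side is ambiguous with a local address, which is the condition the two causes describe.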
This web is provided "AS IS" with no warranties.
Copyright © 2002-2018
ChicagoTech.net,
All rights reserved. Unauthorized reproduction forbidden.