Discussion:
Site to Site "Negotiating IP Security"
(too old to reply)
David Lozzi
2006-05-18 21:28:19 UTC
Permalink
Howdy,

Here's my scenario:

sbs2003pre w/ isa 2004 -- dlink router -- internet -- dlink router --
win2003 w/ isa 2004

Both servers are in the DMZ of each router. The dlinks are there because
these ISA networks are secondary networks. I followed the following link to
setup the VPN between the two servers:

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/sitetositevpn.mspx

In addition, i added two firewall polices to each ISA box: From remote
network to internal and local and from internal and local to remote network,
all protocols. The remote sites are setup as follows:

Address range: internal of each. both different ips (10.0.25.0 and
192.168.7.0)
Each has the external IP address of the other server specified. The ISP's
IP.
Local VPN Gateway IP Address specifies the external ip of isa (192.168.1.20
and 10.7.7.150 respectively)
IPSEC Settings (from top to bottom)
Phase I tab
3DES
MD5
Group 2
28800
Phase II Tab
3DES
MD5
Generate key every 3600 seconds
Use PFS is checked
Group 2
Authentication is pre-shared key, both the same key

So when I ping the remote server by IP I get "Negotiating IP Security" four
times. If I ping again immediatly I continue to get this response. Same from
both servers.

HELP!

Thanks!!!!
--
D a v i d L o z z i
Data & Web Technology Specialist
Delphi Technology Solutions, Inc.
Wilmington, MA
dlozzi@(remove this)delphi-ts.com - www.delphi-ts.com
David Lozzi
2006-05-18 21:44:38 UTC
Permalink
OK, right after I posted that, I tried pinging the remote server (SBS2003)
from my workstation (WinXPPro) behind my local ISA server (Win2003) and I
can ping and browse to the remote server by IP no problem. However I cannot
ping it by DNS. I setup the IP of the remote server as a DNS forwarder on my
local server but I'm guessing that because the server's aren't seeing each
other, DNS wont forward properly?

How do I get these servers talking?

Thanks!
--
D a v i d L o z z i
Data & Web Technology Specialist
Delphi Technology Solutions, Inc.
Wilmington, MA
Post by David Lozzi
Howdy,
sbs2003pre w/ isa 2004 -- dlink router -- internet -- dlink router --
win2003 w/ isa 2004
Both servers are in the DMZ of each router. The dlinks are there because
these ISA networks are secondary networks. I followed the following link
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/sitetositevpn.mspx
In addition, i added two firewall polices to each ISA box: From remote
network to internal and local and from internal and local to remote
Address range: internal of each. both different ips (10.0.25.0 and
192.168.7.0)
Each has the external IP address of the other server specified. The ISP's
IP.
Local VPN Gateway IP Address specifies the external ip of isa
(192.168.1.20 and 10.7.7.150 respectively)
IPSEC Settings (from top to bottom)
Phase I tab
3DES
MD5
Group 2
28800
Phase II Tab
3DES
MD5
Generate key every 3600 seconds
Use PFS is checked
Group 2
Authentication is pre-shared key, both the same key
So when I ping the remote server by IP I get "Negotiating IP Security"
four times. If I ping again immediatly I continue to get this response.
Same from both servers.
HELP!
Thanks!!!!
--
D a v i d L o z z i
Data & Web Technology Specialist
Delphi Technology Solutions, Inc.
Wilmington, MA
Loading...