IPSEC with pre-shared key VPN setup

anonymous

I am attempting to connect a Windows 2000 station to a
Linksys BEFVP41 VPN router using IPSEC with pre-shared
keys. I have created and assigned the policy, set the
registry to use the locally defined IPSEC policy which
specifies the pre-shared key to use, and I can establish a
link via DOS command line, but cannot establish a link
through the Network Connections applet. The response I
get is "There was no answer". I am able to ping the
internet address of the Linksys box. In DOS, I must first
manually define a route to the remote network (route add
<lan address> mask <lan mask> <IP of Linksys WAN port>),
then I can ping addresses in the remote network. The ping
will show negotiating ipsec security, then will respond
normally. If I go back to Windows, it will not connect or
use any remote network services, or see the remote
network.
 
Steven L Umbach

Try using ipsecmon to view if the Security Associations are being created or not.
Network access over an ipsec tunnel can be slow and netbios name resolution probably
will not work if it is broadcast instead of wins or lmhosts files. Try accessing a
share using IP address as in \\xxx.xxx.xxx.xxx\sharename. If you are trying to
connect through a router firewall you will need to configure it for ipsec ports as
shown in KB below and look in the firewall logs for dropped traffic from the Linksys
ipsec endpoint router. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;233256
http://support.microsoft.com/default.aspx?scid=kb;en-us;257225 --- ipsec
troubleshooting
 
anonymous

IPSECMON shows the security association only when the
connection is made through DOS. If I attempt to use the
Windows 2000 Network Connections applet to establish the
link, nothing happens. While in DOS, I can ping the
remote network station, but attempts to connect to a
share on that station will result in an error 53:
network path not found. I am connecting directly to the
WAN port of the VPN router. There is no firewall between
my test station and the VPN router (for testing purposes).
-----Original Message-----
Try using ipsecmon to view if the Security Associations are being created or not.
Network access over an ipsec tunnel can be slow and
netbios name resolution probably
will not work if it is broadcast instead of wins or lmhosts files. Try accessing a
share using IP address as in
\\xxx.xxx.xxx.xxx\sharename. If you are trying to
connect through a router firewall you will need to
configure it for ipsec ports as
shown in KB below and look in the firewall logs for
dropped traffic from the Linksys
 
anonymous

The laptop being used for the test has a built-in LAN and
wireless adapter. Is it possible that the system is only
using the policy for the wireless adapter, and not the LAN
adapter? The wireless adapter is disabled in the hardware
profile. I cannot find any setting to say which adapter
to associate with, so I assume the policy should work with
any active adapter.

Is this correct?
-----Original Message-----
Try using ipsecmon to view if the Security Associations are being created or not.
Network access over an ipsec tunnel can be slow and
netbios name resolution probably
will not work if it is broadcast instead of wins or lmhosts files. Try accessing a
share using IP address as in
\\xxx.xxx.xxx.xxx\sharename. If you are trying to
connect through a router firewall you will need to
configure it for ipsec ports as
shown in KB below and look in the firewall logs for
dropped traffic from the Linksys
 
Steven L Umbach

When you assign an ipsec policy to a computer and you use "my IP address" as
source/destination it should not make any difference as to the adapter you use. I did
use an ipsec tunnel to home from a W2K computer to my Netgear FVS318 ipsec endpoint
device but I am not familiar with the Linksys device. I remember that I had to use
"tunnel mode" and configure endpoints for each router and internal lan configuration.
I believe another common problem is that the lans must have separate network IP
addresses on each, as in 192.168.0.xxx and 192.168.1.xxx, and support common
security methods such as 3des and sha1. The vpn log on your Linksys device may have
some useful info as far as what the problem may be. You also might want to try to
contact Linksys. --- Steve

http://www.linksys.com/support/support.asp?spid=86 -- Don't know if this is what you
used, but may help.
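
The two prerequisites named in the reply above (distinct LAN ranges on each side of the tunnel, and at least one shared security method such as 3DES with SHA1) can be checked before touching either endpoint. This is an added example, not part of the original thread; the function names and the sample addresses and method lists are constructed for illustration.

```python
import ipaddress

def lan_overlap(local_lan, remote_lan):
    """True if the two LAN ranges share any address.

    Accepts prefix or dotted-mask form, e.g. "192.168.1.0/24" or
    "192.168.1.0/255.255.255.0" (the form used with `route add ... mask ...`).
    """
    a = ipaddress.ip_network(local_lan, strict=False)
    b = ipaddress.ip_network(remote_lan, strict=False)
    return a.overlaps(b)

def common_methods(local, remote):
    """Return the (encryption, integrity) pairs both endpoints offer."""
    norm = lambda methods: {(e.lower(), h.lower()) for e, h in methods}
    return sorted(norm(local) & norm(remote))

def preflight(local_lan, remote_lan, local_methods, remote_methods):
    """Return a list of problems; an empty list means none were found."""
    problems = []
    if lan_overlap(local_lan, remote_lan):
        problems.append("LAN ranges overlap: tunnel filters cannot tell "
                        "local from remote traffic")
    if not common_methods(local_methods, remote_methods):
        problems.append("no encryption/integrity pair offered by both "
                        "endpoints: negotiation cannot complete")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    good = preflight("192.168.0.0/255.255.255.0", "192.168.1.0/255.255.255.0",
                     [("3DES", "SHA1")], [("3des", "sha1"), ("des", "md5")])
    bad = preflight("192.168.1.0/24", "192.168.1.0/24",
                    [("DES", "MD5")], [("3DES", "SHA1")])
    print("good config problems:", good)
    print("bad config problems:", bad)
```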
 
