• December 08, 2021, 01:22:32 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Need some help in configuring IPSec tunnel dir-130 to windows server 2003  (Read 7500 times)

arman_prof

  • Level 1 Member
  • *
  • Posts: 4

I think it will be better if somebody help me from the start as I've already tried 3 times and without any success.
The windows Server 2003 is domain controller in one office with one net adapter with public ip and other one with private (also nat, dns, ad, etc.)
Dir-130 is in another office with second public ip address and also 20 computers connected to through switch.

I need to setup vpn tunnel with windows server 2003. I succeded to configure tunnel with second dir-130 but not windows.
Logged

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675

IPsec is all about making sure your proposals match, I don't personally have any experience connecting Windows 2003 to the DIR-130, but I know it has been done.
Logged
non progredi est regredi

arman_prof

  • Level 1 Member
  • *
  • Posts: 4

Yeah, I know. I managed to configure IPSec tunnel between 2 dir-130s.
But I think there is something else I must configure in windows server 2003.
I've managed to have some results already 10 minutes.
I can see the tunnel in status->vpn on dlink, but I cannot ping dlinks private address nor computers private addresses from windows server.

Is there any restrictance if two network belong to 2 different private subnets?

The reason I asked you to help is that there is no any information on net on this. I found some microsoft tech articles on how to configure ipsec and done mainly with these articles, but the only thing I have now tunell name in status on dlink.

Maybe there is someone who managed to do this and will be so kind to help me a little...
Logged

arman_prof

  • Level 1 Member
  • *
  • Posts: 4

The only thing I need is to have 2 network connected with each other as they're in one place and on one subnet...
Maybe you know other methods for this....
Logged

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675

VPN is the proper way of accomplishing that.

And you need them to be on 2 different networks as this is a routed connection.
Logged
non progredi est regredi

arman_prof

  • Level 1 Member
  • *
  • Posts: 4

It is the fourth day I'm trying to esatblish IPSec between dir-130 and Win2003 server.

On the IP Security Monitor snap-in in Windows 2003 I can see 1 Active tunnel with right rules and routes, when I'm trying to ping dir-130 local subnet from win2003 subnet I'm receiving Negotiating IP Security and all packets lost, but I think the problem is on DIR-130 side...

I have the debug from DIR-130 and hope you can help with this

Jun 19 21:40:17 Debug Information IPSec "conn_test" #1: received Delete SA payload: replace IPSEC State #27 in 10 seconds
Jun 19 21:40:17 Debug Information IPSec "conn_test" #1: received and ignored informational message
Jun 19 21:40:27 Debug Information IPSec "conn_test" #28: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #27
Jun 19 21:40:27 Debug Information IPSec "conn_test" #28: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag
Jun 19 21:40:27 Debug Information IPSec "conn_test" #28: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Jun 19 21:40:27 Debug Information IPSec "conn_test" #28: sent QI2, IPsec SA established
Jun 19 21:40:27 Debug Information IPSec "conn_test" #28: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag
Jun 19 21:40:27 Debug Information IPSec "conn_test" #28: message ignored because it contains an unexpected payload type (ISAKMP_NEXT_HASH).
Jun 19 21:40:27 Debug Information IPSec "conn_test" #28: sending encrypted notification INVALID_PAYLOAD_TYPE to 93.94.222.238:500
Logged