How can i use preshared key option using IPSECCMD?

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi.. I'm Sunhee.

My question is how to use preshared key parameter using IPSECCMD
command.

This is my test scenario. I set ipsec on 2 PCs using IPSECCMD as
follwoing.
------------------------------------------------------------------
PC1) ipseccmd -f 192.168.1.193+192.168.1.194 -n ah[md5] -a p:"ims"
PC2) ipseccmd -f 192.168.1.194+192.168.1.193 -n ah[md5] -a p:"ims"
------------------------------------------------------------------
and then I send ping from pc1 to pc2.

I thought that there was no key exchage(ISAKMP) if i set [-a p:"test"]
option.
But, PC1 still sent ISAKMP pakcet.

I wonder why pc1 send ISAKMP packet?
As I know isakmp paket is used to exchange keys and alogrithms.
But, I already set "Preshared key" and "algorithm".

My test senario was worong??

Actually, there's something strange.
After I set like upper.
I checked local SA using "ipseccmd show sas" command.
but, thers was no SAs.
Only after sending ping, I can see a SAs.

Can I make a SA using IPSECCMD command?
Maybe ISAKMP packet was sended, because there was no SA.

Please give me some advice.
Thnak you in advanced.
2 answers Last reply
More about preshared option ipseccmd
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Ana another question.

    How can i set SPI value?

    I also tested IPSec6 command on XP.
    and I can set SPI value in the "xxx.sad" file which is used by ipsec6
    command.

    but, ipseccmd command makes some random spi values. I can see spi
    values using "ipseccmd show sas".
    Is it possible to set spi values manually?

    Thank you.
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    there is a new ipsec newsgroup that would be well suited for this type of
    question
    microsoft.public.windows.networking.ipsec

    I'm not aware the you can manually set the SPI. I thought the systen
    calculated as part of the SA negotiation.

    --
    Stephen Cartwright [MSFT]

    "This posting is provided "AS IS" with no warranties, and confers no
    rights."

    "sunny" <ogoooood@yahoo.co.kr> wrote in message
    news:1119262483.622773.75300@g14g2000cwa.googlegroups.com...
    > Ana another question.
    >
    > How can i set SPI value?
    >
    > I also tested IPSec6 command on XP.
    > and I can set SPI value in the "xxx.sad" file which is used by ipsec6
    > command.
    >
    > but, ipseccmd command makes some random spi values. I can see spi
    > values using "ipseccmd show sas".
    > Is it possible to set spi values manually?
    >
    > Thank you.
    >
Ask a new question

Read More

Command Prompt Windows XP