Sign in with
Sign up | Sign in
Your question

How can i use preshared key option using IPSECCMD?

Last response: in Windows XP
Share
June 20, 2005 6:23:54 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi.. I'm Sunhee.

My question is how to use preshared key parameter using IPSECCMD
command.

This is my test scenario. I set ipsec on 2 PCs using IPSECCMD as
follwoing.
------------------------------------------------------------------
PC1) ipseccmd -f 192.168.1.193+192.168.1.194 -n ah[md5] -a p:"ims"
PC2) ipseccmd -f 192.168.1.194+192.168.1.193 -n ah[md5] -a p:"ims"
------------------------------------------------------------------
and then I send ping from pc1 to pc2.

I thought that there was no key exchage(ISAKMP) if i set [-a p:"test"]
option.
But, PC1 still sent ISAKMP pakcet.

I wonder why pc1 send ISAKMP packet?
As I know isakmp paket is used to exchange keys and alogrithms.
But, I already set "Preshared key" and "algorithm".

My test senario was worong??

Actually, there's something strange.
After I set like upper.
I checked local SA using "ipseccmd show sas" command.
but, thers was no SAs.
Only after sending ping, I can see a SAs.

Can I make a SA using IPSECCMD command?
Maybe ISAKMP packet was sended, because there was no SA.

Please give me some advice.
Thnak you in advanced.
June 20, 2005 7:14:43 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Ana another question.

How can i set SPI value?

I also tested IPSec6 command on XP.
and I can set SPI value in the "xxx.sad" file which is used by ipsec6
command.

but, ipseccmd command makes some random spi values. I can see spi
values using "ipseccmd show sas".
Is it possible to set spi values manually?

Thank you.
Anonymous
June 22, 2005 2:23:30 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

there is a new ipsec newsgroup that would be well suited for this type of
question
microsoft.public.windows.networking.ipsec

I'm not aware the you can manually set the SPI. I thought the systen
calculated as part of the SA negotiation.

--
Stephen Cartwright [MSFT]

"This posting is provided "AS IS" with no warranties, and confers no
rights."

"sunny" <ogoooood@yahoo.co.kr> wrote in message
news:1119262483.622773.75300@g14g2000cwa.googlegroups.com...
> Ana another question.
>
> How can i set SPI value?
>
> I also tested IPSec6 command on XP.
> and I can set SPI value in the "xxx.sad" file which is used by ipsec6
> command.
>
> but, ipseccmd command makes some random spi values. I can see spi
> values using "ipseccmd show sas".
> Is it possible to set spi values manually?
>
> Thank you.
>
!