Sign in with
Sign up | Sign in
Your question

Windows 2000 IPSEC to Netgear box: IKE security associatio..

Last response: in Windows 2000/NT
Share
August 17, 2004 2:21:00 AM

Archived from groups: microsoft.public.win2000.security (More info?)

I'm trying to setup a Windows 2000 RRAS server to talk with a Netgear
Prosafe VPN firewall over IPSEC. I have them at least talking, but
they can't seem to establish a connection. Here is what the Win2K
event logs say:

IKE security association negotiation failed.
Mode:
Data Protection Mode (Quick Mode)

Filter:
Source IP Address 192.168.0.33
Source IP Address Mask 0.0.0.0
Destination IP Address 0.0.0.0
Destination IP Address Mask 255.255.255.255
Protocol 0
Source Port 0
Destination Port 0
IKE Local Addr 192.168.0.33
IKE Peer Addr 10.69.69.12
IKE Source Port 500
IKE Destination Port 500
Peer Private Addr

Peer Identity:
Preshared key ID.
Peer IP Address: 10.69.69.12

Failure Point:
Me

Failure Reason:
Unsupported ID

Extra Status:
Processed third (ID) payload
Responder. Delta Time 0
0x0 0x0


Can anyone please explain what is going on? cc to me by Email is much
appreciated.

Thank you
Anonymous
a b 8 Security
August 17, 2004 2:13:27 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Barry,

What are you using for authentication? Share secret, certificate, ... ?

What about other parameters? Are they same on both ends?

Mike

"Barry" <barry@webmailcenter.com> wrote in message
news:27f6e08d.0408162121.2b42f556@posting.google.com...
> I'm trying to setup a Windows 2000 RRAS server to talk with a Netgear
> Prosafe VPN firewall over IPSEC. I have them at least talking, but
> they can't seem to establish a connection. Here is what the Win2K
> event logs say:
>
> IKE security association negotiation failed.
> Mode:
> Data Protection Mode (Quick Mode)
>
> Filter:
> Source IP Address 192.168.0.33
> Source IP Address Mask 0.0.0.0
> Destination IP Address 0.0.0.0
> Destination IP Address Mask 255.255.255.255
> Protocol 0
> Source Port 0
> Destination Port 0
> IKE Local Addr 192.168.0.33
> IKE Peer Addr 10.69.69.12
> IKE Source Port 500
> IKE Destination Port 500
> Peer Private Addr
>
> Peer Identity:
> Preshared key ID.
> Peer IP Address: 10.69.69.12
>
> Failure Point:
> Me
>
> Failure Reason:
> Unsupported ID
>
> Extra Status:
> Processed third (ID) payload
> Responder. Delta Time 0
> 0x0 0x0
>
>
> Can anyone please explain what is going on? cc to me by Email is much
> appreciated.
>
> Thank you
Anonymous
a b 8 Security
August 17, 2004 9:27:18 PM

Archived from groups: microsoft.public.win2000.security (More info?)

There was documentation on the Netgear website at one time, but I can not find it
right now. I did have a FVS318 working to a W2K rras server at one time. The link
below is from Linksys but the policies are about the same if I can remember. Make
sure you are using ipsec "tunnel" mode with preshared key on each end. --- Steve

http://www.linksys.com/support/support.asp?spid=86


"Barry" <barry@webmailcenter.com> wrote in message
news:27f6e08d.0408162121.2b42f556@posting.google.com...
> I'm trying to setup a Windows 2000 RRAS server to talk with a Netgear
> Prosafe VPN firewall over IPSEC. I have them at least talking, but
> they can't seem to establish a connection. Here is what the Win2K
> event logs say:
>
> IKE security association negotiation failed.
> Mode:
> Data Protection Mode (Quick Mode)
>
> Filter:
> Source IP Address 192.168.0.33
> Source IP Address Mask 0.0.0.0
> Destination IP Address 0.0.0.0
> Destination IP Address Mask 255.255.255.255
> Protocol 0
> Source Port 0
> Destination Port 0
> IKE Local Addr 192.168.0.33
> IKE Peer Addr 10.69.69.12
> IKE Source Port 500
> IKE Destination Port 500
> Peer Private Addr
>
> Peer Identity:
> Preshared key ID.
> Peer IP Address: 10.69.69.12
>
> Failure Point:
> Me
>
> Failure Reason:
> Unsupported ID
>
> Extra Status:
> Processed third (ID) payload
> Responder. Delta Time 0
> 0x0 0x0
>
>
> Can anyone please explain what is going on? cc to me by Email is much
> appreciated.
>
> Thank you
August 18, 2004 1:11:12 AM

Archived from groups: microsoft.public.win2000.security (More info?)

My problem is that I was configuring the IPSEC filter for a subnet,
but setting up the netgear as a range of IP's, even though they
measured the same. I guess it's THAT picky.

Thank you everyone who responded.

Barry

barry@webmailcenter.com (Barry) wrote in message news:<27f6e08d.0408162121.2b42f556@posting.google.com>...
> I'm trying to setup a Windows 2000 RRAS server to talk with a Netgear
> Prosafe VPN firewall over IPSEC. I have them at least talking, but
> they can't seem to establish a connection. Here is what the Win2K
> event logs say:
>
> IKE security association negotiation failed.
> Mode:
> Data Protection Mode (Quick Mode)
>
> Filter:
> Source IP Address 192.168.0.33
> Source IP Address Mask 0.0.0.0
> Destination IP Address 0.0.0.0
> Destination IP Address Mask 255.255.255.255
> Protocol 0
> Source Port 0
> Destination Port 0
> IKE Local Addr 192.168.0.33
> IKE Peer Addr 10.69.69.12
> IKE Source Port 500
> IKE Destination Port 500
> Peer Private Addr
>
> Peer Identity:
> Preshared key ID.
> Peer IP Address: 10.69.69.12
>
> Failure Point:
> Me
>
> Failure Reason:
> Unsupported ID
>
> Extra Status:
> Processed third (ID) payload
> Responder. Delta Time 0
> 0x0 0x0
>
>
> Can anyone please explain what is going on? cc to me by Email is much
> appreciated.
>
> Thank you
!