No announcement yet.

W2003 IPSec tunnel routing issue

  • Filter
  • Time
  • Show
Clear All
new posts

  • W2003 IPSec tunnel routing issue

    Hi there!

    There is a W2003 server "server A with IP A" (which is also ADC) and a W2003 server "server B with IP B" (application server and member of A's domain).
    Then there is a Cisco 3000 (IPSec/VPN router) on the "other side" (reachable via public IP Rem) and behind that there is a private network "net B".

    Server A has a local domain security policy assigned which successfully establishes the IPSec tunnel to the Cisco 3000.
    I can ping net B from server A - no problem so far.
    Now I need server B to be able to utilize server A's tunnel since I want to (well need to) setup an FTP connection from server B to some server in net B.
    I have created a static route on server B so that net B is reachable via server A.
    I can see that the packets headed to net B are actually sent from server B to server A. BUT server A now simply refuses to forward those packets through the tunnel and I have no idea how to change that.
    My first idea was to create a static route on server A to net B but what IP shall I use as gateway IP? Since the cisco's IP is not part of net B I cannot use that and so I tried with the server A's own address but that did not help at all.

    I hope I am making some sense with this and GREATLY appreciate any help!

    Best regards,

    Tillman Zschucke

  • #2
    Re: W2003 IPSec tunnel routing issue


    1. First of all Sever B can not use the same tunnel while using Server A as a router because in this case Server A is being used as router and a router provides a routing path it does not change the source IP of the packet. IPsec workes on the IP addresses of the source and destination that's why it is rejecting the packets.

    2. You can use the IP of the router as gateway because gateway remains from the same network where the machine belongs. Gateway cannot be assigned from the destination network.

    3. As far as IPSec is concerned you can configure the IPSec policy on Server B same as on Server A so that it can use the same tunnel.

    Kapil Sharma
    Life is too short, Enjoy It.