[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPsec over a wireless network to a W2K or Windows XP client?
On Tue, May 27, 2003 at 08:09:54PM -0600 Bob Beck hacked thusly:
> 50 bucks gets you the SafeNET SoftPK Ipsec client for windows,
> which seems to work fine. the Builtin shit for windows doesn't work,
> it's point to point only.
I am assuming that by "point to point" you mean transport mode only.
This misconception has been circulating for a while. I don't know whether
or not this was ever true but it is certainly NOT true from win2k SP2 on.
The win2k and XP native clients do indeed work in tunnel mode.
The UI however is quite horrid and most of the important options that need
to be changed for the client to play nice with isakmpd are hidden from plain
sight. But it does work with a little coaxing. I believe almost ALL of the
default settings must be changed in some way to acheive interoperability
I've personally gotten it working with both PSK's and x509 keys and from
behind a nat gateway ( esp in tunnel mode ).
This document describes how to set it up fairly well.
There are some caveats to this document. Those interested can mail me
Here are some relevant articles about IPsec tunneling under win2k.
I do agree with you however that the soft-pk client is _much_ nicer
to work with. :)
Mathieu Sauve-Frankel | Quotation, n: The act of repeating erroneously
Network Administrator | the words of another.
email@example.com | Ambrose Bierce