Hi Martin,
Do you by any chance have DirectAccess enabled on the Win2008R2 server?
If I understand DirectAccess correctly, it allows the establishment of
IPsec tunnels from Win7 clients to Win2k8R2 servers. That would imply
there's an IPsec process or service running on the OS.
If you have DirectAccess enabled, maybe that service/component is
intercepting the IPsec packets that should be destined for the Shrew
client? That might explain why you are able to see the packets arrive
on the OS, but that they don't make it to the Shrew process.
On 03/07/2012 09:42 AM, Roper, Andrew wrote:
Martin,
I have seen some other discussions on these lists where other people
have had trouble with getting Shrew to work on Win2K8R2 and on any OS
running in a VM. The suspicion is that Win2K8R2 is not supported and
that something in the Hypervisor might be preventing the connection
from establishing. I, personally, have not tried Shrew Client on an
OS in a VM so I don't have any advice there. I would check to make
sure that there aren't any firewall rules on the hypervisor that may
be preventing the tunnel from establishing.
Regards, Andrew
From: Forster Martin [mailto:[email protected]] Sent: Friday,
March 02, 2012 10:19 AM To: Roper, Andrew Subject: RE: win2008r2 ike
phase 1 fails, works on win7x64 sp1
HI Andrew,
both machines win7 and win2008r2 are behind the same firewall.
(Watchguard) Both machines have their sw firewalls (onboard windows)
on. I have verified the arrival of answer packets with
- a monitoring port.
- A local installation of the Microsoft network monitor on the
win2008r2 box.
The empty capture files I mentioned are from the Shrew Trace
utility. I appended them.
Further Details. Both are vms on a esxi 4.1 host. The win2008r2 ist
running with a vmxnet3, the win7 box runs with e1000 adapter.
The Firewall Server is some sort of cisco, i guess a ASA.
Regards Martin
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
