
Windows 2000 IPSec interop web site



The IPSec team at Microsoft has established an Internet web site for IPSec
interop testing against Windows 2000 server, both IPSec AH & ESP, AH+ESP,
transport and tunnel mode with DES, 3DES, MD5 and SHA1 combinations, at
http://w2kipsec-pub.rte.microsoft.com, address 131.107.152.30.  Full
instructions are on the web page, which is clear text accessible.  Multiple
users can test simultaneously.  The test machine is otherwise unprotected,
with a web server, ftp server running.

We are already getting random hack attempts periodically on the site (just
because it's there?), so send mail to ipsecpki@microsoft.com if you can't
reach it or the Microsoft
CA test site, http://sectestca1.rte.microsoft.com

From inside out -------------
Win2000 client
(10.10.10.2)
  |
  |
(10.10.10.1)
Win2000 Server
(131.107.152.29)
  =
  = Internet
  =
(your Internet IP)
your gateway
(your internal IP)
  |
  |
(client internal IP)
your client

The .30 and .29 addresses are pingable to allow you to see if it is
reachable (assuming you didn't block this to your IP address with policy).

Please have someone on your product team try this out and let us know if you
have successfully tested against it or have problems.  Report issues to:
ipsecpki@microsoft.com.  We will reply as soon as we can, but there may be
some delay.  This is not a Win2000 VPN server, so don't expect L2TP or PPTP
support, just IPSec transport and tunnel support that you configure
yourself through the web page.

If you are using Windows 2000 on your side, you may wish to enable IPSec
auditing for Logon/Logoff events in the Audit Policy on the local machine.
To enable Oakley.log negotiation tracing for debugging:
  1. create a key called Oakley under
HKLM\System\CurrentControlSet\Services\PolicyAgent
  2. add value, Reg_DWORD, name EnableLogging, value=1
 
The file will be written to %windir%\debug\oakley.log and oakley.log.sav
(the previous log after service is restarted)
 
Thanks,
Wm
William Dixon
Program Manager - Internet Protocol Security
Windows Operating Systems Division
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
Email: WDixon@microsoft.com (preferred), Work: 425-703-8729

Microsoft VPN Position Whitepaper:
http://www.microsoft.com/windows/server/technical/networking/NWPriv.asp
The Win2000 Beta3 IPSec walkthrough, under Security:
http://www.microsoft.com/windows/server/Deploy/default.asp
3DES support in IPSec is obtained by installing the High Encryption Pack at:
http://www.microsoft.com/windows/server/beta/downloads/128bit/default.asp
Windows 2000 IPSec Interop external web site:
http://w2kipsec-pub.rte.microsoft.com