Prateek, please direct all Win2k questions to the Windows 2000 newsgroup where our support engineers and others doing similar things will see them.
It appears to me on the inside as: ms.beta.win2000.networking, or it could be advertised as microsoft.public.win2000.networking.
This KB article, Q252735, describes how to configure Win2k tunnel mode:
http://support.microsoft.com/support/kb/articles/Q252/7/35.ASP?LN=EN-US&SD=gn&FR=0
Win2k supports address-based filters only:
http://support.microsoft.com/support/kb/articles/Q248/9/83.ASP?LN=EN-US&SD=gn&FR=0
Use the win2k support tool command "netdiag /test:ipsec /v debug" to dump policy & filter state.
-----Original Message-----
From: Prateek Kapadia [mailto:prateek@arx.com]
Sent: Thursday, May 25, 2000 6:12 AM
To: 'ipsec@lists.tislabs.com'
Cc: Amir Shahal
Subject: Configuring W2K Server in Tunnel Mode
We have a W2K Server configured as a VPN Gateway on which we have defined
the policy for an IPsec tunnel from the W2K machine to a proprietary IPsec
gateway. However, we cannot seem to get the W2K server to negotiate tunnel
mode. As initiator, it just silently drops traffic. As responder, Phase II
fails with the message "Expecting Transport Mode" in the oakley log.
The same scenario was tested at the last interoperability workshop where it
worked smoothly. We presume that some vendors must have come across a
similar scenario and symptoms in W2K configuration for IPsec
interoperability testing. We'd appreciate any leads or pointers to parts of
the configuration that we may have missed.
Thanking you in anticipation,
Prateek & Amir
Algorithmic Research.