Can you attach some packet captures and the relevant logs from the servers?
As Robert said you shoul also first check if there is some sort of
firewall dropping ESP (ip protocol 50).
On Wed, Jun 17, 2009 at 11:20 PM, Robert D. Scott<robert@xxxxxxx> wrote:
> Sound like an ACL or firewall between the DMZ and the other network dropping
> ESP.
>
> Robert D. Scott Robert@xxxxxxx
> Senior Network Engineer 352-273-0113 Phone
> CNS - Network Services 352-392-2061 CNS Phone Tree
> University of Florida 352-392-9440 FAX
> Florida Lambda Rail 352-294-3571 FLR NOC
> Gainesville, FL 32611 321-663-0421 Cell
>
>
> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Josue Del Valle
> Sent: Wednesday, June 17, 2009 4:16 PM
> To: wireshark-users@xxxxxxxxxxxxx
> Subject: [Wireshark-users] Help With EPS/ISAKMP
>
> Hi,
>
>
>
> I was hoping someone could help me with this issue. I have configured
> IPSec on two Windows 2003 servers using certificates as the authentication.
> If I run wireshark from one of the server while having both servers on the
> same network, I can see a bunch of ESP which indicate to me that the traffic
> is encrypted between the two servers. If I move one of the servers to
> another network (DMZ) and try to communicate with the server located on the
> trusted network, I can't and instead of getting ESP packets all I see is
> ISAKMP packets. I have not change anything on the IPsec except the ip for
> the server that has been moved to the DMZ. The trusted network as a
> 192.168.10.X subnet and the one on the DMZ is 192.168.20.X.
>
>
>
> If I remove IPSec I can communicate from the DMZ to the LAN as intended
> which indicate routing on the firewall is working fine. I know it is kind
> of confusing, but I'm trying to figure out why WireShark shows ESP packets
> when the server is on the LAN and ISAKMP packets when the server is moved to
> the DMZ.
>
>
>
> Thanks,
>
>
>
> Josue
>
> Please remember coverage cannot be bound, amended or cancelled via the email
> or voicemail system. You cannot bind, alter, or cancel coverage without
> speaking to an authorized representative of Braishfield Associates, Inc.
> Coverage cannot be assumed to be bound without confirmation from an
> authorized representative of Braishfield Associates, Inc.
>
>
> DISCLAIMER:
> CONFIDENTIALITY NOTICE: Braishfield Associates, Inc. would like you to know
> that the information contained in this communication, including attachments
> is privileged and confidential. It is intended only for the exclusive use of
> the addressee. If the reader of this message is not the intended recipient,
> or the employee or agent responsible for delivering it to the intended
> recipient, you are hereby notified that any dissemination, distribution or
> copying of this communication is strictly prohibited. Insurance coverage can
> not be bound, amended or changed via an e-mail message without knowledge or
> consent from the insuring carrier. If you have received this communication
> in error please notify us by telephone immediately at (407) 825-9911 or
> e-mail disclaimer@xxxxxxxxxxxxxxx. Thank you.
>
>
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>