Problem with creating IPsec VPN tunnel

I am trying to set up an IPsec VPN tunnel to a provider of a data service. I am using a Windows 2003 Server as my gateway and I have set up the IPsec records correctly, I think. My gateway has two network cards, one to the LAN (192.168.111.0) and one public (213.888.555.155 "not the real one"). My provider has a VPN where I am going to reach a computer with the IP 192.168.30.23. The external IP of the provider's server is 65.888.555.254 "not the real one". From my gateway I am now trying to ping 192.168.30.23, which as I understand it should automatically raise a VPN tunnel to 65.888.555.254, but this is not happening, I think. I have also configured a static route that says that 192.168.30.23 should use my gateway's public interface and the gateway 65.888.555.254. If I write tracert 65.888.55.254 on my Windows 2003 gateway, it traces that one correctly. If I write tracert 192.168.30.23, it only sends 192.168.30.23 to my ISP, it seems, and then of course stops. Am I missing something here?
Steverino541 Asked:

drtoto82 Commented:
Sure.

If you are encrypting the packet headers in the IPSec policy, you will have a problem with the NAT. This is done automatically to protect against man-in-the-middle attacks.

So, make sure you encrypt the packet body only.

Test again and check if it works.
0
Steverino541 Author Commented:
Ok, can you direct me to where I can change that?
0
drtoto82 Commented:
mmc > IP Security Policies >
On Server Policies (according to which one you used):
Right-click -> Properties:
In the Rules tab: Edit the rule ->
. Tunnel Settings: Make your endpoint IP address
. Filter Action: Edit your rule, Edit: Choose AH instead of ESP

Make sure you make the same configuration on both sides.

Make sure, too, that you write the original configuration aside before doing these tests in case the configuration gets corrupted.

Also, on your firewalls and routers, make sure you allow these for IPSec to work fine:

IP Protocol ID of 51: Both inbound and outbound filters should be set to pass AH traffic

UDP Port 500: Both inbound and outbound filters should be set to pass ISAKMP traffic

Also, if you had to use ESP for whatever reason, make sure you allow IP Protocol ID 50.
0
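An added example, not part of the thread above: a small Python check that classifies raw IPv4 packets from a capture as AH (protocol 51), ESP (protocol 50) or ISAKMP (UDP 500) and reports which kinds were seen in each direction. The function names, the sample packets and the addresses (documentation ranges standing in for the gateway and the peer) are constructed for illustration.

```python
import socket
import struct

IP_PROTO = {50: "ESP", 51: "AH"}   # IP protocol IDs named in the answer
ISAKMP_PORT = 500                  # UDP port for ISAKMP

def classify(pkt: bytes):
    """Return 'ESP', 'AH', 'ISAKMP' or None for one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4          # header length varies with IP options
    if ihl < 20 or len(pkt) < ihl:
        return None
    proto = pkt[9]
    if proto in IP_PROTO:
        return IP_PROTO[proto]
    if proto == 17 and len(pkt) >= ihl + 4:   # UDP: read source and destination ports
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if ISAKMP_PORT in (sport, dport):
            return "ISAKMP"
    return None

def seen_by_direction(capture, local_ip):
    """Map 'out'/'in' to the set of IPsec traffic kinds seen in that direction."""
    seen = {"out": set(), "in": set()}
    local = socket.inet_aton(local_ip)
    for pkt in capture:
        kind = classify(pkt)
        if kind:
            seen["out" if pkt[12:16] == local else "in"].add(kind)
    return seen

def build(proto, src, dst, payload=b""):
    """Construct a minimal IPv4 packet (checksum left at 0; sample data only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

# Constructed capture: gateway and peer use documentation addresses (assumed values)
GW, PEER = "198.51.100.10", "203.0.113.20"
udp500 = struct.pack("!HHHH", 500, 500, 8, 0)
SAMPLE = [
    build(17, GW, PEER, udp500),                              # ISAKMP leaves the gateway
    build(17, GW, PEER, udp500),                              # retransmit, no reply captured
    build(1, GW, PEER, b"\x08\x00\x00\x00"),                  # ICMP echo, not IPsec
    build(17, GW, PEER, struct.pack("!HHHH", 53, 53, 8, 0)),  # UDP 53, not IPsec
]
```

For the constructed capture, `seen_by_direction(SAMPLE, GW)` shows ISAKMP going out and nothing coming in: negotiation packets leave the gateway but no reply is captured, which is the case where the UDP 500 and protocol 50/51 filters listed above are worth checking.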
