IPSec Problem with working Policy


    Hi All,

    I have a working IPSec policy that secures the communication from my web servers to my clients.
    The web servers are behind an NLB (not MS).

    The rules that are configured on the servers are:

    Rule Name            Protocol   Src Port   Dst Port
    Any <-> WebServer1   TCP        ANY        80
    Any <-> WebServer1   TCP        ANY        443
    Any <-> WebServer2   TCP        ANY        80
    Any <-> WebServer2   TCP        ANY        443
    Any <-> WebNLB       TCP        ANY        80
    Any <-> WebNLB       TCP        ANY        443

    On the clients the rules are the same.
    Both rules are in Request Mode.

    The policy works great for most people, but for some we get SYN_SENT when accessing the servers.
    We checked the rules and Oakley.log; everything seems fine.
    We checked the server's IPSec Monitor and saw an SA for those computers, and the same on the clients.

    When we changed the IP address of one of the problematic clients, everything worked!
    When we changed it back, it was still working...

    I have really no clue...
    Can anyone help?

    Assaf Miron
    Thursday, March 26, 2009 10:05 AM
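The following is an added example, not code from the original post or from Assaf's environment: it expresses a "request mode" web policy of the kind described above with the classic `netsh ipsec` context (the tooling that produces Oakley.log and feeds IPSec Monitor) and then dumps the state a troubleshooter would compare side by side on a working client and on one stuck in SYN_SENT. Everything not stated in the post is an assumption and is marked as such: the server and NLB addresses are placeholders, Kerberos is assumed as the authentication method, and "Request Mode" is taken to mean a negotiate filter action that accepts unsecured inbound traffic (inpass=yes) and falls back to clear text when the peer does not respond to IKE (soft=yes).

```powershell
# Added example (not from the original post). Builds a request-mode web policy
# with "netsh ipsec static" and dumps IPsec/IKE state with "netsh ipsec dynamic".
# Assumptions (not in the post): 10.0.0.11 / 10.0.0.12 are the two web servers
# and 10.0.0.10 is the NLB VIP (all placeholders); Kerberos authentication;
# "Request Mode" == negotiate + inpass=yes + soft=yes.
# Run from an elevated PowerShell on a host that has the "netsh ipsec" context
# (Windows XP / Server 2003 era). -Apply writes the policy; without it, only the
# diagnostic dump runs, which is what you want on the clients being compared.

param(
    [switch]$Apply,
    [string]$Policy    = 'WebRequestMode',
    [string[]]$Targets = @('10.0.0.11', '10.0.0.12', '10.0.0.10'),  # placeholders
    [int[]]$Ports      = @(80, 443)
)

function New-RequestModePolicy {
    # Policy, filter list, one mirrored filter per target/port, filter action, rule.
    netsh ipsec static add policy name=$Policy description="Request IPsec for web traffic"
    netsh ipsec static add filterlist name="${Policy}-filters"
    foreach ($t in $Targets) {
        foreach ($p in $Ports) {
            # mirrored=yes yields the "Any <-> host" pair from the post's table;
            # srcport=0 means any source port.
            netsh ipsec static add filter filterlist="${Policy}-filters" `
                srcaddr=any dstaddr=$t protocol=TCP srcport=0 dstport=$p mirrored=yes
        }
    }
    # negotiate + inpass + soft: request security, but allow clear-text fallback.
    # The ESP/3DES/SHA1 proposal is an assumption, not something the post states.
    netsh ipsec static add filteraction name="${Policy}-request" action=negotiate `
        inpass=yes soft=yes qmsecmethods="ESP[3DES,SHA1]"
    netsh ipsec static add rule name="${Policy}-rule" policy=$Policy `
        filterlist="${Policy}-filters" filteraction="${Policy}-request" kerberos=yes
    netsh ipsec static set policy name=$Policy assign=yes
}

function Get-IpsecDiagnostics {
    param([string]$Peer)
    # Capture the same set on a good client and a bad one, then diff the output:
    # which policy is actually assigned, which rules it carries, and whether a
    # main-mode *and* a quick-mode SA exist toward the peer. A main-mode SA with
    # no matching quick-mode SA is the first thing to look for when IPSec Monitor
    # shows "an SA" but TCP never leaves SYN_SENT.
    netsh ipsec static show gpoassignedpolicy
    netsh ipsec static show rule all
    netsh ipsec dynamic show mmsa
    netsh ipsec dynamic show qmsa
    netsh ipsec dynamic show stats type=ike
    if ($Peer) {
        # TCP connections to the peer; SYN_SENT rows are the ones to line up
        # against the quick-mode SA list above.
        netstat -n | Select-String $Peer
    }
}

if ($Apply) { New-RequestModePolicy }
Get-IpsecDiagnostics -Peer $Targets[0]
```

Run the script without `-Apply` on one client that works and one that does not, and diff the two dumps; because the post says changing a client's address cleared the fault, the interesting differences are per-client ones (the assigned policy, the SA table, and which address the client actually sourced from) rather than the server-side rules, which are identical for both.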