Phase 2 IKE Negotiation Fails with Secure Client

When making a dial-up connection with SecuRemote Client Build 4165 for Win95/98, you may authenticate but fail to complete the formation of the IPSEC tunnel. The firewall logs show that the client completed the user authentication and the key exchange. The client completes phase 1 of the IKE negotiation but does not complete phase 2.

Sniffing the connection shows a fragmented UDP packet at the beginning of phase 2, but the capture does not identify a port number for it. Routers on the way to the network drop the packet as incomplete and unrelated to any session.

The problem affects only Windows 95/98 and possibly ME. ME was not tested.

The IKE negotiation packets cannot be fragmented. On Windows 98 (or 95 with Dial-up Networking 1.3 installed), you can modify the parameters on the Dial-Up Adapter to prevent this from happening. Set the Packet Size parameter to "High" instead of Auto and reboot.

-- PhoneBoy - 02 Apr 2004
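The sniffer shows no port number because only the first IP fragment carries the UDP header; later fragments cannot be matched to UDP port 500 by a device that does not reassemble them. The following is an added example, not part of the original FAQ, that classifies raw IPv4 packets the way such a device sees them. The function names, addresses and sample packets are constructed for illustration.

```python
import struct

IKE_PORT = 500  # ISAKMP/IKE over UDP

def describe_ipv4(packet: bytes) -> dict:
    """Classify one raw IPv4 packet (no link-layer header)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    ident, flags_frag = struct.unpack("!HH", packet[4:8])
    more_fragments = bool(flags_frag & 0x2000)   # MF flag
    offset = (flags_frag & 0x1FFF) * 8           # field counts 8-byte units
    info = {"id": ident, "proto": packet[9], "offset": offset,
            "fragment": more_fragments or offset > 0,
            "sport": None, "dport": None}
    # Only the fragment at offset 0 holds the UDP header, so only there
    # can a sniffer or a filtering router read the port numbers.
    if info["proto"] == 17 and offset == 0 and len(packet) >= ihl + 4:
        info["sport"], info["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    info["ike"] = IKE_PORT in (info["sport"], info["dport"])
    return info

def build_ipv4(ident: int, flags_frag: int, payload: bytes, proto: int = 17) -> bytes:
    """Build a constructed test packet (header checksum left at zero)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                         flags_frag, 64, proto, 0,
                         bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1]))
    return header + payload

# Constructed sample: a 1000-byte IKE message split into two IP fragments.
UDP_DATAGRAM = struct.pack("!HHHH", 500, 500, 1008, 0) + bytes(1000)
FIRST = build_ipv4(0x1234, 0x2000, UDP_DATAGRAM[:552])       # MF set, offset 0
SECOND = build_ipv4(0x1234, 552 // 8, UDP_DATAGRAM[552:])    # offset 552, no UDP header
WHOLE = build_ipv4(0x1235, 0, UDP_DATAGRAM[:208])            # unfragmented datagram

if __name__ == "__main__":
    for name, pkt in (("first", FIRST), ("second", SECOND), ("whole", WHOLE)):
        print(name, describe_ipv4(pkt))
```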