Subject: Re: racoon, gss-api auth, and win2k IPSec IKE ...
To: Michael Richardson <email@example.com>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
Date: 06/09/2002 18:08:09
In message <200206080112.g581CXh02324@marajade.sandelman.ottawa.on.ca>,
Michael Richardson writes:
> MS didn't implement tunnel mode. The only way they can build a tunnel is
>by creating a PPTP interface and using transport mode.
> This may not be true, but it is hard for me to imagine Dixon got
> this wrong.
Sorry if I was too polite the first time, but I just dont buy this.
See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q252735 or
one of a myraid of other pages showing how to set up IPsec tunnels
with win2k. There is a restriction on having static IP addresses at
each end, but that is reasonably is reasonably well-known.
Cisco even has a Warp page *showing* how to set up an IPsec tunnel
between a win2k box and various Ciscos, complete with screen shots of
win2k tunnel endpoint settings: http://www.cisco.com/warp/public/707/2000.html.
Someone is seriousy out of touch. I'm having enough problems working
around real MS limitations; we don't want NetBSD lists to spread false
romours about imaginary problems. (Suppose I contact the I-D authors,
then Microsoft employees review this thread, and see bilge like this?)