Event Id | 4289 |
Source | IPSec |
Description | The IPSec driver failed the oakley negotiation with 172.27.2.1 since no filter exists to protect packets to that destination. Please check the configuration on this machine to ensure at least one filter matches the destination. |
Event Information | According to Microsoft: Windows 2000 supports IPSec tunneling for situations where both tunnel endpoints have static IP addresses. This is primarily useful in gateway-to-gateway implementations, but may also work for specialized network security scenarios between a gateway/router and a server (like a Windows 2000 router routing traffic from its external interface to an internal Windows 2000-based computer securing the internal path by establishing an IPSec tunnel to the internal server providing services to the external clients). Windows 2000 IPSec tunneling is not supported for client remote access VPN use because the IETF IPSec RFCs do not currently provide a remote access solution in the Internet Key Exchange (IKE) protocol for client-to-gateway connections. The IETF RFC 2661 for Layer 2 Tunneling Protocol (L2TP) was specifically developed by Cisco, Microsoft, and others for the purpose of providing client remote access VPN connections. In Windows 2000, client remote access VPN connections are protected using an automatically generated IPSec policy that uses IPSec transport mode (not tunnel mode) when the L2TP tunnel type is selected. Windows 2000 IPSec tunneling also does not support protocol and port-specific tunnels. While the Microsoft Management Console (MMC) IPSec Policy snap-in is very general and allows you to associate any type of filter with a tunnel, make sure you use only address information in the specification of a filter for a tunnel rule. |
Reference Links | How to Configure IPSec Tunneling in Windows 2000 |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.