Windows server to server IPsec Tunnel
Hello, I am trying to establish a server-to-server IPsec tunnel. Both servers are running Windows 2003. Both servers have public IP addresses. I am getting confused between internal and external IPs in the documentation I have been reading and tunnel endpoints. Would the tunnel endpoint be the destination server or a different gateway? I have been trying all different combinations. My basic scenario is Server1 (public IP) - Internet - Server2 (public IP). When I try to ping the other server I keep getting "Negotiating IP Security". Is what I am trying to do possible? Am I missing a step? Thanks in advance!
August 19th, 2009 11:52pm

Yes, but once you establish the tunnel, you should be testing traffic from subnet 1 (behind Server1 with the private IP as the default gateway) to subnet 2 (behind Server2 with its private IP as the default gateway on that subnet). Make sure that you have set up complementary IPsec policies so that the negotiations succeed. Your best bet for troubleshooting is to implement the Oakley.log and look at what is happening.
Brian
August 19th, 2009 11:56pm

Brian, I figured it out; it was staring me in the face. The tunnel endpoint is the IP closest to the internet, in my case the sending server, not the destination. Once I reversed the IPs I was able to make a tunnel. I confirmed this by making a connection while running Network Monitor, and the payload is indeed encrypted. Thanks!
August 20th, 2009 4:05am
