Hi All, I have a working IPSec policy that secures the communication from my web servers to my clients. the Web servers are behind a NLB (not MS). The rules that are configured on the Servers are : Rule Name, Protocol, Src Port, Dst Port Any <-> WebServer1, TCP, ANY, 80 Any <-> WebServer1, TCP, ANY, 443 Any <-> WebServer2, TCP, ANY, 80 Any <-> WebServer2, TCP, ANY, 443 Any <-> WebNLB, TCP, ANY, 80 Any <-> WebNLB, TCP, ANY, 443 On the Client the rules are the same. Both Rules are in Request Mode. The Policy works great for most people but for some we get SYN_SENT when accessing the Servers. We checked the Rules and Oakley.log everything seems fine. we check the server's IPSec Monitor and saw an SA for those computers, same on the clients. When we changed the IP Address of one of the problematic clients everything worked ! when we changed it back, still working... I have really no clue... Can anyone help? Assaf Miron http://Assaf.Miron.googlepages.com

Hi AssafM, after checking the issue, it seems this is a Windows Server related issue. As this forum focuses on Windows Vista specific issues, this inquiry would best be posted to the following forum: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.Sean Zhu - MSFT

Hi, Thank you for posting. May I know how is the issue now? If the issue persists, please let us know how you notice that you get SYN_SENT when accessing the Servers. I also would like to know if there are only Windows Vista computers on the network and if all the problematic computers are Windows Vista computers. Thanks. Nicholas Li - MSFT