IPSec to 2003 Server
Hi. I am trying to create a secure connection between Server 2003 and Vista only for SMB traffic. W2k3 is configured via GP - IPsec Policy; Vista via Firewall with Advanced Security.

If the IPsec policy uses "All IP traffic" in the IP Filter list, negotiation is successful and the SA is created. If the IP Filter list is more specific, for example SMB (inbound TCP 139, 445), negotiation fails.

I enabled debug logging of IKE and found an error in oakley.log: "Failed to get Transport Policy" on phase 2 of ISAKMP. I compared the successful and failed negotiations and see that Vista AuthIP tries to create an SA host to host without a specified PORT.

I created an outbound firewall policy in Vista that allows only secure connections to 139, 445, but it does not resolve the problem.

Does anyone know how to specify the port in the Vista ISAKMP/AuthIP negotiation configured via Firewall with Advanced Security?

Note: if Vista is configured with specific traffic via GP - IPsec Policy, negotiation is successful =))
February 19th, 2009 12:20pm

Hi,

Thank you for posting.

Please understand that Windows 2003 Server only supports IKE, while Windows Vista supports both AuthIP and IKE. Therefore, AuthIP won't work in our case. For detailed information, please refer to the following document:

The Authenticated Internet Protocol
http://technet.microsoft.com/en-us/magazine/2007.10.cableguy.aspx

In Windows Vista and later OS versions, there are two types of IPsec rules:

IPsec rules: The only type that Windows Server 2003 and earlier OS versions support. Only supports IKE.

Connection security rules: New feature in Windows Firewall with Advanced Security. Supports IKE and AuthIP.

To narrow down the issue, I would like to suggest the following:

1. Please use IPsec for an ordinary protocol such as RDP (3389). If an RDP connection between Windows 2003 Server (through the IPsec MMC) and Windows Vista (connection security rules) succeeds over IPsec, we may isolate the issue from IPsec configuration problems on Windows Vista.

2. Please also refer to the section "Key points in establishing an encrypted connection between Windows Vista and Windows XP or between Windows Vista and Windows Server 2003" in KB 942957 to adjust the settings.

Security rules for Windows Firewall and for IPsec-based connections in Windows Vista and in Windows Server 2008
http://support.microsoft.com/kb/942957

Meanwhile, please let us know which type of authentication you use. Is it Kerberos? Please also ensure that you are using the same authentication when setting up the connection.

Hope this helps.

Nicholas Li - MSFT
February 20th, 2009 2:03pm

This topic is archived. No further replies will be accepted.
