Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Hello All, We are having problems trying to get a client machine talking to our CVSNT server when IPSec is enabled. The topology of the system is as follows: Client machine - This machine (Windows XP, using WinCVS client, SSPI) is based offsite. It connects to our corporate LAN via SecureClient through our CheckPoint-NG VPN. CVSNT Server (2.0.4) - This machine is onsite (Windows 2K prof). The machine has been locked down using an IPSec policy. What I mean by that is that the 'Secure Server (Require Security)' policy is assigned. Authentication between this server and any client is done using a shared string (that's a setting within the IPSec policy). Now, client machines onsite connect perfectly well to the CVSNT server and we can checkin/out with no problems when IPSec is enabled. However, when our offsite client trys to perform a cvs operation we get the following error "cvs [update aborted]: connect to XXXX-CVS (xxxx-cvs.xxxx.com):2401 failed: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond" If I disable the IPSec policy on the CVSNT server, our offsite client starts working again. So, the obvious culprit here is IPSec. I don't confess to be an IT Admin expert but as far as I can tell, the IPSec policy we have isn't blocking any particular traffic on port 2401. Indeed we know that the onsite clients tunnel through successfully anyway. Has anyone else had experience of IPSec + CVSNT + VPN's ??? Any advice, help or general comments will be greatly appreciated, Thanks Paul.