Solaris 9 (and higher) and Windows IKE definitely interoperate in Transport Mode and there are many people who use this configuration routinely. There are subtle configuration problems that can get people frustrated, however. These SunSolve articles (which are very long due to Windows screenshots) have step-by-step instructions and also attempt to document the intersection of features in which interoperability is possible. (e.g. as far as I can tell, Windows does not have manual keying or self-signed certificate capabilities and only has one phase 1 auth method for certificates.)

Infodoc 79028: Solaris[TM] IPsec/IKE Interoperability with Microsoft (R) Windows 2000 and XP (Using Windows CA)
Infodoc 77805: Solaris[TM] IPsec/IKE Interoperability with Microsoft (R) Windows 2000 and XP (Pre-shared keys)
Infodoc 74677: Solaris[TM] IPsec/IKE Interoperability with Microsoft (R) Windows 2000 and XP (CA signed certificates / OpenSSL generated)

To the extent that these docs don't answer your questions, I'd be happy to try to work with you in a different forum or offline to determine where the issue is. For transport mode, it's likely either a configuration problem or a bug, either of which can be remedied. (Unless there is some detail I don't know about with respect to the configuration you were trying.) Also, as Solaris has progressed from S9->S10->Nevada/OpenSolaris/Solaris Express, the in.iked debug output has improved considerably to become more human-readable, which also helps a great deal in figuring out what is wrong.

The problem with tunnel mode in Solaris is that the whole notion of inner identities (and the processing thereof) is fundamentally different from most other operating systems, so it is more than just a bug fix. It requires a pretty extensive re-working of the IKE and IPsec plumbing, hence the project status.

Regards,
Paul

This message posted from opensolaris.org
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org