Intel® Packet Protect User’s Guide
50
Troubleshooting
Communication fails
If a Packet Protect computer cannot communicate with another computer, check
the following:
• Verify that each computer’s basic security settings are set to allow commu-
nication. If the computers are using advanced security settings, verify that
the computers have matching rules. The rules must allow for a match
between ESP and AH settings for the security action.
• If using pre-shared keys, verify that each computer is set up to use the same
pre-shared key when communicating with each another. Note that
pre-shared keys are case-sensitive.
• At the client, verify that Packet Protect is running. Click the Start button on
the taskbar, select Settings > Control Panel. Double-click Services and ver-
ify that Intel Policy Agent is started.
Communication fails when passing through a firewall
Depending on the type of firewall, IPSec may affect the deployment in different
ways:
• Some firewalls block outside-in traffic without performing network address
translation (NAT). These firewalls can sometimes be configured to allow
IPSec traffic to flow from within the network.
• Proxying firewalls use HTTP, Telnet, FTP and other application proxies or
SOCKS to forward traffic. With these firewalls, IPSec cannot be used to
protect traffic end-to-end. IPSec can be used within the local LAN, but all
outside traffic will remain unprotected.
• If a gateway or firewall is present doing network address translation, IPSec
cannot be applied since IPSec packets are encrypted and integrity-pro-
tected, making address and port substitution impossible.
The effects of IPSec on firewall policies vary greatly on the type and goals of the
firewalls. Refer to your firewall vendor for information on IPSec support.
Packet Protect doesn’t start automatically upon startup
At the computer, make sure that Packet Protect is started as a service. See “Turn
Security On for a Computer” on page 47.
Multicast, Broadcast, and IGMP traffic isn’t protected
Multicast traffic is always unprotected when you use Packet Protect because of
IPSec standards. In addition, IGMP traffic is unprotected.