Error message in ISA Server 2004 when you configure an IPsec tunnel mode site-to-site VPN on an ISA Server 2004-based computer
Error message in ISA Server 2004 when you configure an IPsec tunnel mode site-to-site VPN on an ISA Server 2004-based computer: “0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED”
Consider the following scenario:
- You configure a site-to-site virtual private network (VPN) tunnel on a Microsoft Internet Security and Acceleration (ISA) Server 2004-based computer.
- You configure the VPN tunnel by using Internet Protocol security (IPsec) tunnel mode method.
In this scenario, you may find that the IPsec tunnel connection is blocked and the following run-time error message is logged in the ISA Server log:
0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED
Notes:
- You have installed Microsoft Windows Server 2003 Service Pack 1.
- The frequency of this error message depends on the parameters of the IPSec tunnel mode configuration.
- The error message occurs even if you disable the IP Spoof Detection feature.
For more information about how to disable IP Spoof Detection feature, click the following article number to view the article in the Microsoft Knowledge Base:
838114 (http://support.microsoft.com/kb/838114/) How to disable the IP Spoof Detection feature in Microsoft ISA Server 2004
For more information and solution, check out: http://support.microsoft.com/default.aspx?scid=kb;...08#top
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP — ISA Firewalls
Stefaan Pouseele Says:
May 16th, 2006 at 1:18 pm
Hi Tom,
finally that KB is published. It’s the result of what is discussed in http://forums.isaserver.org/m_2002001812/mpage_1/tm.htm.
Thanks,
Stefaan
Tom Shinder Says:
May 17th, 2006 at 1:32 pm
Yes! I guess we’ll need to wait for SP3 for a public downloadable fix.