I
Thanks in advance
Mike
Mike,
There are two reasons you may be having difficulties here.
First, if you are setting up gateway-to-gateway connections using the W2K servers, the servers themselves will not be able to communicate with each other through the tunnels, only other systems behind the servers. This is because IPSec gateways can only encrypt and transmit traffic on behalf of other devices. So, the tunnel may be up and running, but you need to have a PC on each end that is talking through the gateway to test traffic. In this mode you need a minimum of four devices: two gateways and two systems communicating through the gateways.
Second, if one W2K system is acting as the client and the other is acting as the gateway, the gateway can terminate the tunnel, but it cannot terminate sessions that are initiated through the tunnel. In this case, you would need another device behind the gateway. Here you need a minimum of three systems: one gateway, a PC with client software that has a VPN tunnel to the gateway, and another PC sitting behind the gateway with which the first PC is communicating.
In IPSec, there are two types of device: gateways and hosts. Connections can be established between gateways and gateways, and between gateways and hosts. For security reasons, only gateways can carry traffic for other devices. All traffic that passes through a host tunnel must originate on the host. On the other hand, gateways cannot initiate or terminate traffic that originates on the gateway.
Hope this helps,
Mark
This was first published in September 2002
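
The four-device test layout from the answer above, as an added example that is not part of the original reply: it checks which test packets a gateway-to-gateway tunnel policy would actually protect. It assumes the policy is a pair of protected subnets and that a gateway's own test traffic is sourced from its public endpoint address; every address and name is constructed.

```python
"""Added illustration: which packets a gateway-to-gateway tunnel policy protects.
All addresses are constructed (RFC 5737 and RFC 1918 ranges)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class TunnelPolicy:
    local_net: str   # subnet behind the local gateway
    remote_net: str  # subnet behind the remote gateway

    def protects(self, src: str, dst: str) -> bool:
        """True if a packet src -> dst matches the policy in either direction."""
        a, b = ip_network(self.local_net), ip_network(self.remote_net)
        s, d = ip_address(src), ip_address(dst)
        return (s in a and d in b) or (s in b and d in a)


# Constructed topology: two gateways and one PC behind each (the four-device minimum).
GW_A, GW_B = "192.0.2.1", "198.51.100.1"  # assumed public tunnel endpoints
PC_A, PC_B = "10.1.0.10", "10.2.0.10"     # hosts behind each gateway
POLICY = TunnelPolicy("10.1.0.0/24", "10.2.0.0/24")

TESTS = {
    "PC_A -> PC_B": (PC_A, PC_B),  # valid end-to-end test
    "PC_B -> PC_A": (PC_B, PC_A),  # valid end-to-end test
    "GW_A -> GW_B": (GW_A, GW_B),  # gateway testing itself
    "GW_A -> PC_B": (GW_A, PC_B),  # gateway as traffic source
}


def evaluate(policy: TunnelPolicy = POLICY, tests: dict = TESTS) -> dict:
    """Map each named test flow to whether the tunnel policy covers it."""
    return {name: policy.protects(s, d) for name, (s, d) in tests.items()}


if __name__ == "__main__":
    for name, covered in evaluate().items():
        verdict = "protected by tunnel" if covered else "not covered by policy"
        print(f"{name:14} {verdict}")
```
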