Re: NAT-T and L2TP


From: David Beaven (technet_at_ids.ac.uk)
Date: 08/11/04


Date: Wed, 11 Aug 2004 10:33:27 +0100

I have already applied the update from q818043 to the w2k client.
I think that this timeout means it isn't negotiating the NAT-T correctly.

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 547
Date: 10/08/2004
Time: 17:08:40
User: NT AUTHORITY\NETWORK SERVICE
Computer: LARCH
Description:
IKE security association negotiation failed.
 Mode:
Key Exchange Mode (Main Mode)

 Filter:
Source IP Address [myipaddress]
Source IP Address Mask 255.255.255.255
Destination IP Address 62.252.68.136
Destination IP Address Mask 255.255.255.255
Protocol 0
Source Port 0
Destination Port 0
IKE Local Addr [myipaddress]
IKE Peer Addr 62.252.68.136
IKE Source Port 500
IKE Destination Port 500
Peer Private Addr

 Peer Identity:
Certificate based Identity.
Peer IP Address: 62.252.68.136

  Failure Point:
Me

 Failure Reason:
Negotiation timed out

 Extra Status:
Processed first (SA) payload
Responder. Delta Time 63
 0x0 0x0

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Regards
David

"Bob Qin [MSFT]" <bobqin@online.microsoft.com> wrote in message
news:uax0CG4fEHA.2640@cpmsftngxa06.phx.gbl...
> Hi David,
>
> Thanks for your posting here.
>
> Would you please let me know the detailed error message? Please copy the
> whole event log in your post and we will do further research.
>
> In addition, please also refer to the following article for detailed
> information about L2TP/IPSec NAT-T update.
>
> 818043 L2TP/IPSec NAT-T update for Windows XP and Windows 2000
> http://support.microsoft.com/?id=818043
>
> Best regards,
> Bob Qin
> Microsoft Online Partner Support
>
> Get Secure! - www.microsoft.com/security
>
> ====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ====================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> From: "David Beaven" <technet@ids.ac.uk>
> Subject: NAT-T and L2TP
> Date: Tue, 10 Aug 2004 17:40:57 +0100
> Newsgroups: microsoft.public.win2000.ras_routing
>
>
> Using L2TP, clients connect OK in from internet to private address range on
> our network. I now want to allow these clients to get out to the internet
> (assume that they have default gateway through vpn).
> I loaded L2TP\IPSec NAT-T update on the client with the RAS server hosted on
> W2003 server. I changed routing tables to pass traffic from server, and
> from the internet to this server through a Cisco PIX firewall 506E with
> release 6.3(4) running NAT (and NAT-T enabled) and which is meant to fully
> support NAT-T.
> Get IKE security association negotiation failed, mode: key exchange mode
> (main mode) in server event log.
> Any ideas how to fix this? (or create tunnel through non NAT, somehow (?AD
> users and computers, dial-in, static routes) create a route after tunnel
> formation through a NAT box)
> Thanks
> David
>
>
>
>
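The Event ID 547 text David pasted is what a responder logs when Main Mode stops after the first message, and it carries the three facts a NAT-T troubleshooter reads off first: which role this host played, how far the exchange got, and which UDP ports it was still on. The following Python is an added example written for this page, not code from the thread or from Microsoft; it parses a constructed copy of that event (TEST-NET addresses stand in for the poster's real ones) into fields and maps them onto the symptoms the thread is chasing. The finding codes and the sample text are the author's own assumptions.

```python
import re

# Constructed sample modelled on the Event ID 547 "Failure Audit" quoted in
# the thread. Addresses are TEST-NET placeholders, not the poster's hosts.
SAMPLE_EVENT_547 = """IKE security association negotiation failed.
 Mode:
Key Exchange Mode (Main Mode)

 Filter:
Source IP Address 192.0.2.10
Destination IP Address 203.0.113.5
Protocol 0
Source Port 0
Destination Port 0
IKE Local Addr 192.0.2.10
IKE Peer Addr 203.0.113.5
IKE Source Port 500
IKE Destination Port 500
Peer Private Addr

 Peer Identity:
Certificate based Identity.
Peer IP Address: 203.0.113.5

  Failure Point:
Me

 Failure Reason:
Negotiation timed out

 Extra Status:
Processed first (SA) payload
Responder. Delta Time 63
 0x0 0x0
"""

SECTIONS = ("Mode", "Filter", "Peer Identity", "Failure Point",
            "Failure Reason", "Extra Status")


def parse_event_547(text):
    """Split the event description into its labelled sections and pull out
    the fields that matter for IKE triage. Returns a plain dict."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and line[:-1] in SECTIONS:
            current = line[:-1]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)

    filt = "\n".join(sections.get("Filter", []))
    extra = " ".join(sections.get("Extra Status", []))

    def field(label, pattern):
        # Anchored so "Source Port" does not match inside "IKE Source Port".
        m = re.search(r"^" + re.escape(label) + r" (" + pattern + r")$", filt, re.M)
        return m.group(1) if m else None

    role = re.search(r"\b(Initiator|Responder)\.", extra)
    delta = re.search(r"Delta Time (\d+)", extra)
    return {
        "mode": " ".join(sections.get("Mode", [])),
        "ike_local_addr": field("IKE Local Addr", r"\S+"),
        "ike_peer_addr": field("IKE Peer Addr", r"\S+"),
        "ike_source_port": int(field("IKE Source Port", r"\d+") or 0) or None,
        "ike_dest_port": int(field("IKE Destination Port", r"\d+") or 0) or None,
        "failure_point": " ".join(sections.get("Failure Point", [])),
        "failure_reason": " ".join(sections.get("Failure Reason", [])),
        "extra_status": extra,
        "role": role.group(1) if role else None,
        "delta_time": int(delta.group(1)) if delta else None,
    }


def triage(ev):
    """Map parsed fields onto NAT-T symptoms. Returns (code, explanation)
    pairs; an empty list means this event shows no NAT-T-related sign."""
    findings = []
    timed_out = "timed out" in ev["failure_reason"].lower()
    main_mode = "Main Mode" in ev["mode"]
    only_first = "first (SA) payload" in ev["extra_status"]

    if main_mode and timed_out and ev["role"] == "Responder" and only_first:
        findings.append(("RESPONDER_STALLED_AFTER_MM1",
            "This host processed the initiator's first Main Mode message but "
            "never saw the next one: either its reply did not reach the peer "
            "or the peer's follow-up was dropped on the way in."))
    if timed_out and ev["ike_source_port"] == 500 and ev["ike_dest_port"] == 500:
        findings.append(("NO_NAT_T_FLOAT",
            "Exchange was still on UDP 500/500. NAT-T moves to UDP 4500 only "
            "after NAT-D detection in Main Mode messages 3 and 4, which this "
            "exchange never reached, so the 4500 path was never exercised."))
    if timed_out and ev["failure_point"] == "Me" and ev["ike_peer_addr"]:
        findings.append(("CHECK_PATH",
            f"Confirm UDP 500 and UDP 4500 pass in both directions between "
            f"{ev['ike_local_addr']} and {ev['ike_peer_addr']} across the NAT device."))
    return findings


if __name__ == "__main__":
    for code, why in triage(parse_event_547(SAMPLE_EVENT_547)):
        print(f"{code}: {why}")
```

Run against the sample, the first finding is the one that matches David's log: the server was the responder, it got exactly one message, and everything after that went missing, which is why the event says nothing about certificates or proposals at all.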


