L2TP/IPSEC - error 678

From: JJ (iamjimjones_at_earthlink.net)
Date: 01/03/05


Date: Mon, 03 Jan 2005 05:30:39 GMT

I am in the middle of a win2003 RAS rollout...with an end goal of L2TP/IPSEC
for both VPN and wireless connections (802.1x). I've waded through the PKI
setup...certs are issued to my IAS/RAS servers and my test client machine.

Servers are all win2003...client is winXP (sp2). RAS server has a public IP
(firewalled) and a private IP (for corporate LAN)...authentication is via
IAS installed on win2003 DCs...client is using standard dial-up (no NAT).

I can establish a VPN connection through PPTP...with either CHAP or
EAP-TLS...with no problems.

When I attempt to connect via L2TP/IPSEC I consistently get 678 errors
(server did not respond)...this is the case for both preshared key and
certificate attempts.

When I attempt the L2TP connection it behaves as if it were a firewall
problem...client sends out an L2TP request on 1701...and then seemingly
nothing happens...error 678 server did not respond. However...I have tested
with the client and RAS server on the same (public) subnet...as well as
opening all traffic to/from the RAS server from another known public IP. So
I am fairly confident it is not a firewall issue.

The fact that PPTP works with EAP-TLS would seem to imply that it is not a
certificate-related problem. As would the fact that L2TP also fails with
preshared key attempts.

I've not been this stumped in quite some time...would appreciate advice on
where to focus troubleshooting efforts.


