Re: L2TP/IPSEC - error 678
From: JJ (iamjimjones_at_earthlink.net)
Date: 01/05/05
- Next message: Chandlar: "Re: Routing Problem"
- Previous message: Jaime Stuardo: ""Routing and Remote Access" in Windows Server 2003"
- In reply to: Herb Martin: "Re: L2TP/IPSEC - error 678"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 05 Jan 2005 13:23:01 GMT
"Herb Martin" <news@LearnQuick.com> wrote in message
news:%235rxk1t8EHA.3476@TK2MSFTNGP15.phx.gbl...
>> problem (FINALLY) solved...and i hope one of the MS guys can/will
>> comment on this. IPSEC was disabled in the registry on my client
>> machine. not sure how/why this was so...perhaps a sp2 change on xp?
>
> Glad you solved it.
>
>> anyway...the key i needed to change to get L2TP/IPSEC working:
>>
>> HKLM\System\CurrentControlSet\Services\RasMan\Parameters\ProhibitIpSec
>>
>> changed from 1 (default?!?) to 0...problem solved.
>
> I really don't think that is the default -- how did you
> find that?
I stumbled on it out of desperation...I went to ADD the key only to find it was
already present. I checked some other machines and it is clearly NOT the
default...as a matter of fact the key isn't even present.
I strongly suspect a 3rd party VPN client (WatchGuard branded SafeNet) was
to blame...the registry setting in question exists on all of the machines
that have this particular VPN client installed...which includes the machine
I was using for testing.
> --
> Herb Martin
>
>
> "JJ" <iamjimjones@earthlink.net> wrote in message
> news:MPG.1c44b146caf008ec989684@news-server.cinci.rr.com...
>> In article <3M4Cd.7670$JC2.3460@newsread2.news.atl.earthlink.net>,
>> iamjimjones@earthlink.net says...
>> > I am in the middle of a win2003 RAS rollout...with an end goal of
>> > L2TP/IPSEC for both VPN and wireless connections (802.1x). I've waded
>> > through the PKI setup...certs are issued to my IAS/RAS servers and my
>> > test client machine.
>> >
>> > Servers are all win2003...client is winXP (sp2). RAS server has a
>> > public IP (firewalled) and a private IP (for corporate LAN)...
>> > authentication is via IAS installed on win2003 DC's...client is using
>> > standard dial-up (no NAT).
>> >
>> > I can establish a VPN connection through PPTP...with either CHAP or
>> > EAP-TLS...with no problems.
>> >
>> > When I attempt to connect via L2TP/IPSEC I consistently get 678 errors
>> > (server did not respond)...this is the case for both preshared key and
>> > certificate attempts.
>> >
>> > When I attempt the L2TP connection it behaves as if it were a firewall
>> > problem...client sends out an L2TP request on 1701...and then seemingly
>> > nothing happens...error 678 server did not respond. However...I have
>> > tested with the client and RAS server on the same (public) subnet...as
>> > well as opening all traffic to/from the RAS server from another known
>> > public IP. So I am fairly confident it is not a firewall issue.
>> >
>> > The fact that PPTP works with EAP-TLS would seem to imply that it is
>> > not a certificate related problem. As would the fact that L2TP also
>> > fails with preshared key attempts.
>> >
>> > I've not been this stumped in quite some time...would appreciate advice
>> > on where to focus troubleshooting efforts.
>> >
>>
>
>
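
A read-only check for the registry value discussed in this thread, as an added example that is not part of the original posts. The function name Get-ProhibitIpSecState and the state labels are hypothetical; the key path and value name are the ones quoted in the message.

```powershell
# Added example: report the state of the ProhibitIpSec value named in the thread.
# Read-only; it changes nothing in the registry.
$KeyPath   = 'HKLM:\System\CurrentControlSet\Services\RasMan\Parameters'
$ValueName = 'ProhibitIpSec'

function Get-ProhibitIpSecState {
    param(
        [string]$Path = $KeyPath,
        [string]$Name = $ValueName
    )

    $result = [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        State    = $null     # hypothetical labels: KeyMissing, Absent, Zero, NonZero
        Value    = $null
    }

    if (-not (Test-Path -Path $Path)) {
        $result.State = 'KeyMissing'
        return $result
    }

    # -ErrorAction SilentlyContinue: a missing value yields $null instead of an error
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # What the poster reports on machines without the third-party VPN client
        $result.State = 'Absent'
        return $result
    }

    $result.Value = [int]$item.$Name
    if ($result.Value -eq 0) {
        # The setting the poster changed to, after which L2TP/IPSEC connected
        $result.State = 'Zero'
    } else {
        # The setting the poster found (1) while connections failed with error 678
        $result.State = 'NonZero'
    }
    return $result
}

Get-ProhibitIpSecState | Format-List
```

Running it before and after installing a third-party VPN client shows whether the installer is what sets the value.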