RE: L2TP over Wireless and NAT

From: ASM (ASM_at_discussions.microsoft.com)
Date: 02/25/05 

Date: Fri, 25 Feb 2005 10:49:04 -0800

I've read that IPSec needs either certificates or Kerberos to authenticate.
Routers need IPSec passthrough. And, L2TP/IPSec may not work on a dialup
connection. This is general stuff I've come across - hope it helps some.

"Newscene" wrote:

> I am trying to configure an L2TP/IPSec connection from my home to my office
> VPN server. We have been using PPTP for VPN for some time now in the
> wireless configuration with no problems; the only difference is we are
> trying to move the VPN to L2TP. The client is a Thinkpad T40 (built in
> 802.11A/B) running Windows XP Pro (SP2) and the target is a Windows 2000
> Advanced Server (SP4). The client is on a 802.11A/B WLAN using NAT on a
> DLink DI-764 (with current firmware) behind a Speedstream 5260 DSL modem.
> The Office LAN is on a Cisco 2620 with integrated firewall and the firewall
> has the all the necessary ports and protocols enabled for both PPTP and
> L2TP.
>
> I believe the client, the server and firewall are correctly configured as I
> am able to establish a L2TP connection from the Thinkpad using either a
> Verizon CDMA 1xEVDO PC-5220 wireless card* or by connecting the notebook
> directly to the DSL modem. However if I try L2TP using my WLAN connection
> the L2TP connection returns Error 678. There is no indication in the server
> logs that a VPN attempt was made. As I said, a PPTP connection establishes
> instantly in this configuration and the L2TP establishes immediately outside
> the WLAN so I am fairly confident the problem lies with the NAT.
>
> The DLink has an option to allow VPN passthrough for PPTP and IPSec VPNs and
> these are set. I spent several hours on the phone with DLink support trying
> various combinations of settings on the DLink including: direct wired
> Ethernet connection of the notebook to the router; configuring the notebook
> on the router's DMZ; etc. all with the same result.
>
> I have read the docs on Microsoft about XP and 200x support for L2TP and NAT
> and I am at a loss where to go from here. If anyone has seen this problem
> and has a solution I'd certainly appreciate hearing from you.
>
> ---------------
> * By the way, I heartily recommend this wireless service. I am in South
> Florida and we routinely achieve connections of 400KB with this service.
>
>
>

Relevant Pages

  • Honoured VPN guru, help needed very much (Openswan IPsec, l2tpd, pppd )
    ... This LANs connected between using VPN, ... Configuration of OS and software for VPN are identical. ... But on one of VPN gateways after IPSec ... after 20-30 seconds connection go down. ...
    (comp.os.linux.networking)
  • =?utf-8?B?0JDQvdCz0LvQuNC50YHQutC40LkJICAgINC90LDRgdGC0YDQvtC50LrQuCB8INGB0LvQvtCy0LDRgNC4INC+0L
    ... This LANs connected between using VPN, ... Configuration of OS and software for VPN are identical. ... But on one of VPN gateways after IPSec ... after 20-30 seconds connection go down. ...
    (comp.os.linux.networking)
  • Configuring router for VPN passthrough
    ... to VPN requests, and have the laptop configured to connect as a VPN ... The connection made from inside the firewall (directly to the ... I think it has to be the router configuration for VPN ...
    (comp.security.firewalls)
  • Re: WRT54GL with DD-WRT VPN firmware - wheres the beef?
    ... this morning I was messing around with the built-in vpn ... I created an incoming connection and forwarded port ... Sonicwall prefers an IPSec VPN. ... people in the remote office need to access an Excel spreadsheet that is on ...
    (alt.internet.wireless)
  • Re: Could I have your suggestions?
    ... the IP config of the public side of the routers is ... > the VPN tunnel to the main office. ... This will create a connection from ... > the DHCP server at the main office and IP configuration will be ...
    (microsoft.public.windows.server.networking)