Re: XP SP2 VPN and Home Edition

From: Matt Hickman (hemo_jr_at_space.com)
Date: 08/30/04


Date: 30 Aug 2004 08:44:48 -0700


"Jeffrey Randow (MVP)" <jeffreyr-support@remotenetworktechnology.com> wrote in message news:<j1tni0tga3oea8la75jop2220geb7flr4m@4ax.com>...
> The hang at this point typically involves errors in PPTP Passthrough
> (GRE)... You haven't happened to install a new router on your home
> system, have you?

Nope, I use dial-up and my XP Home computer is the one doing the dialing.
It also runs ICS, but I don't think that should have any effect on the
dial-up interface.
 
> Also, try setting up a L2TP tunnel.. It is fairly easy to configure -
> (on the server side, set up a preshared key in RRAS and then configure
> the same preshared key on your client system). L2TP VPNs need TCP/UDP
> 1701, UDP 4500, UDP 500 forwarded...

Something is wrong. I was under the impression that RRAS set up
a L2TP security policy when it started up. But when I try to connect
from either the XP Pro or Home machines, I get an error 791 ... security
policy for connection not found. If I turn on a policy at the RRAS server,
"Server (request security)" or a custom policy using the preshared key, I
get an error 788 .. security layer could not negotiate compatible
parameters with the remote computer. "More info" tells me that my current
configuration of L2TP parameters is not compatible with the Microsoft
implementation of L2TP.

My client's IP address does show up in the IP security monitor's
security associations for the rras server under Quick Mode, so something
is getting through. Also, if the keys do not match, I get a 792 security
negotiation timeout error.

The router at the server site is set up to forward udp/tcp 1701; udp 500;
udp 4500; and tcp 50 to the Windows 2003 RRAS server. It does not have
the ability to filter on protocol. I also set up, in rras, the
preshared key by checking the "allow custom IPSec policy for L2TP
connection" under the security tab of the RRAS server properties.

I obviously have something configured incorrectly -- probably on the
rras server. Thanks for your help up to this point, and any further
help is appreciated.

-- 
Matt Hickman   
  We can't expect each man to be his own Tom Paine.
                         Robert A. Heinlein (1907 - 1988) 
                         "If This Goes On--" ASF  c.1940

