Re: L2TP over Wireless and NAT



I've run out of ideas on this.

I have swapped the client router, I have reconfigured the server router
(Cisco) to allow protocols "esp" and "ahp" and allowed UDP on ports 500,
1701 and 4500. We have applied the Windows XP patch. We have done everything
but cast a spell and roll the bones --- we cannot get an L2TP connection.
According to the Cisco we have multiple hits on port 500 but nothing on 1701
or 4500 or the two protocol options.

L2TP works into this server from the client when dialed into the Internet
using a Verizon CDMA cellular access but it simply will not work from behind
the client's normal path via a Dlink router using NAT. As I said, we changed
the router from the DLink to a Linksys and had the same results.

"Jeffrey Randow (MVP)" <jeffreyr-support@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:h4i921l9rhjajikaoikp8f8th0b5e81f7u@xxxxxxxxxx
> L2TP VPNs can use certificates or a Pre-Shared Key... Certificate
> based is much more secure, but at a cost of difficulty in setting up.
> ---
> Jeffrey Randow (Network MVP)
>
> Remote Networking Technology FAQ -
> http://www.remotenetworktechnology.com
> My Networking Blog: http://www.networkblog.net
> MS Network Community -
> http://www.microsoft.com/windowsserver2003/community/centers/networking/default.mspx
> MS Home Networking Community -
> http://www.microsoft.com/windowsxp/expertzone/communities/wireless.mspx
>
> On Fri, 25 Feb 2005 10:49:04 -0800, ASM
> <ASM@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
>>I've read that IPSec needs either certificates or Kerberos to
>>authenticate. Routers need IPSec passthrough. And, L2TP/IPSec may not
>>work on a dialup connection. This is general stuff I've come across -
>>hope it helps some.
>>
>>"Newscene" wrote:
>>
>>> I am trying to configure an L2TP/IPSec connection from my home to my
>>> office VPN server. We have been using PPTP for VPN for some time now
>>> in the wireless configuration with no problems; the only difference
>>> is we are trying to move the VPN to L2TP. The client is a Thinkpad
>>> T40 (built in 802.11A/B) running Windows XP Pro (SP2) and the target
>>> is a Windows 2000 Advanced Server (SP4). The client is on an
>>> 802.11A/B WLAN using NAT on a DLink DI-764 (with current firmware)
>>> behind a Speedstream 5260 DSL modem. The Office LAN is on a Cisco
>>> 2620 with integrated firewall and the firewall has all the necessary
>>> ports and protocols enabled for both PPTP and L2TP.
>>>
>>> I believe the client, the server and firewall are correctly
>>> configured as I am able to establish an L2TP connection from the
>>> Thinkpad using either a Verizon CDMA 1xEVDO PC-5220 wireless card* or
>>> by connecting the notebook directly to the DSL modem. However if I
>>> try L2TP using my WLAN connection the L2TP connection returns Error
>>> 678. There is no indication in the server logs that a VPN attempt was
>>> made. As I said, a PPTP connection establishes instantly in this
>>> configuration and the L2TP establishes immediately outside the WLAN
>>> so I am fairly confident the problem lies with the NAT.
>>>
>>> The DLink has an option to allow VPN passthrough for PPTP and IPSec
>>> VPNs and these are set. I spent several hours on the phone with DLink
>>> support trying various combinations of settings on the DLink
>>> including: direct wired Ethernet connection of the notebook to the
>>> router; configuring the notebook on the router's DMZ; etc. all with
>>> the same result.
>>>
>>> I have read the docs on Microsoft about XP and 200x support for L2TP
>>> and NAT and I am at a loss where to go from here. If anyone has seen
>>> this problem and has a solution I'd certainly appreciate hearing from
>>> you.
>>>
>>> ---------------
>>> * By the way, I heartily recommend this wireless service. I am in South
>>> Florida and we routinely achieve connections of 400KB with this service.
>>>
>>>
>>>
>

